I will do that tomorrow

-----Original Message-----
From: [email protected] <[email protected]>
To: [email protected] <[email protected]>
Sent: Tue Oct 10 14:11:21 2006
Subject: [ossec-list] Re: newbie question?

Rick is right. Ossec currently does not support Exchange logs and they are being treated as "IIS Web" logs incorrectly. I am adding a lot of new features for the Windows agent recently and if you can provide some log samples to us, we can add support for Exchange too.

Thanks,

--
Daniel B. Cid
dcid ( at ) ossec.net

On 10/10/06, McClinton, Rick <[EMAIL PROTECTED]> wrote:
> Looks like OSSEC doesn't grok IIS SMTP logs and has interpreted "500" as the
> HTTP error code 500.
>
> Rick
>
> ________________________________
>
> From: [email protected] [mailto:[EMAIL PROTECTED] On
> Behalf Of Dennis Borkhus-Veto
> Sent: Monday, October 09, 2006 5:51 PM
> To: [email protected]
> Subject: [ossec-list] newbie question?
> Importance: Low
>
> Or this may be a stupid question based on the knowledge of this list.
>
> I have been working on getting Ossec running and I have been very pleased
> but I have a question.
>
> I have ossec monitoring my logs from my Exchange server but I am not sure
> what they mean see below for a sample.
>
> I have modified some of my internal address info.
>
> Received From: (my Exchange server)
> 192.168.x.x->\newsmtplog\SMTPSVC1\ex061009.log
>
> Rule: 31122 fired (level 5) -> "Web server 500 error code (Internal Error)."
>
> Portion of the log(s):
>
> 2006-10-09 14:04:46 69.217.186.117 - SMTPSVC1 MEE-PDC 192.168.X.X 0 xxxx -
> +hupylaw.hupy.local 500 0 32 23 0 SMTP - - - -
>
> Sincerely
>
> Dennis Borkhus-Veto
> Systems Administrator
> MEE Material Handling L.L.C
> [EMAIL PROTECTED]
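The false positive discussed in this thread, as an added example that is not part of the thread and is not OSSEC code: a parser that reads the W3C `#Fields:` directive and checks `s-sitename` before treating `sc-status` as an HTTP code. The `#Fields:` lists, the W3SVC lines and the function names are constructed assumptions; only the SMTP record comes from the thread.

```python
# Constructed sample logs. The "#Fields:" headers are assumed column layouts,
# not shown in the thread; the SMTPSVC1 record is the one quoted above.
SMTP_LOG = """\
#Fields: date time c-ip cs-username s-sitename s-computername s-ip s-port cs-method cs-uri-stem cs-uri-query sc-status sc-win32-status sc-bytes cs-bytes time-taken cs-version cs-host cs(User-Agent) cs(Cookie) cs(Referer)
2006-10-09 14:04:46 69.217.186.117 - SMTPSVC1 MEE-PDC 192.168.X.X 0 xxxx - +hupylaw.hupy.local 500 0 32 23 0 SMTP - - - -
"""
WEB_LOG = """\
#Fields: date time s-sitename s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status sc-substatus sc-win32-status
2006-10-09 14:05:02 W3SVC1 192.168.0.10 GET /app/report.asp - 80 - 203.0.113.7 Mozilla/4.0 500 0 0
2006-10-09 14:05:09 W3SVC1 192.168.0.10 GET /index.htm - 80 - 203.0.113.7 Mozilla/4.0 200 0 0
"""

def parse_w3c(text):
    """Yield one dict per record, keyed by the names in the latest #Fields line."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#"):
            values = line.split()
            if len(values) == len(fields):  # skip records that do not fit the header
                yield dict(zip(fields, values))

def classify(record):
    """Return (service, alert); alert is None when no rule applies."""
    site = record.get("s-sitename", "")
    status = record.get("sc-status", "")
    if site.startswith("W3SVC"):
        if status.startswith("5"):
            return "web", f"HTTP server error {status}"
        return "web", None
    if site.startswith("SMTPSVC"):
        # Same column name, different protocol: this is an SMTP reply code,
        # so the web-server 5xx rule must not fire on it.
        if status.startswith("5"):
            return "smtp", f"SMTP permanent failure reply {status}"
        return "smtp", None
    return "unknown", None

def scan(text):
    """Classify every record in a W3C extended log."""
    return [classify(r) for r in parse_w3c(text)]

if __name__ == "__main__":
    for log in (SMTP_LOG, WEB_LOG):
        print(scan(log))
```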
