Resending.

-------- Original Message --------
Subject: Re: [ossec-list] Re: FW: [ossec-list] Log host?
Date: Wed, 31 Jan 2007 20:23:49 -0500
From: Michael Starks <[EMAIL PROTECTED]>
To: [email protected]
References: <[EMAIL PROTECTED]>

Jeremy Melanson wrote:
> * This was a kludgy thing to do, but I found that OSSEC's PIX rules
> weren't being used against syslog files. The problem originated on an
> older version of OSSEC. I'm running 1.0 now. The problem may be fixed,
> but I lack the time to test it out.

Make sure your PIX is not set to log timestamps and the hostname. This will cause what you're seeing. I'd like to see support added for this format as well, since there is a possibility that the timestamp on the PIX log will be different than the syslog server timestamp. The PIX timestamp in this case would be more trustworthy.
