Hi OSSEC listers,
First of all, a much-deserved "strong work" to all developers and
contributors. This is a very, very flexible package that (gasp) makes
me want to relearn what I've forgotten about regexes!
Now, to the point, I'm getting the following in ossec.log every
time a rule fires:
2007/03/21 10:28:00 ossec-analysisd(1275): Invalid hostname in syslog
message: 'Mar 21 15:28:00 [EMAIL PROTECTED] sshd[XXXXX]: Accepted
password for user from ::ffff:X.X.X.X port XXXXX ssh2'.
It looks like ossec-analysisd is choking on the log format which contains
the source driver identifier (in this case s_local) most likely due to
the @ character since it's not an allowed character for a host... I
think it's a null in ascii, but I might be wrong.
In any event, since this is the default behavior of syslog-ng and a
useful feature, I'm wondering if anyone else has encountered it and can
help me think my way out of this paper bag.
thanks,
Matt