Hi Daniel, thanks for your quick response. A colleague of mine and I have decided that the false positives are 'not so positive' and probably are worth a notice. So everything is fine for us. Thanks a lot
Valerio Daelli

On 9/18/07, Daniel Cid <[EMAIL PROTECTED]> wrote:
>
> Hi Valerio,
>
> Yes, OSSEC can monitor named logs and you need to use the "syslog" log
> format in the config. You need to look at our rules to see what is wrong...
>
> Can you submit the logs that are generating the false positive to us? It would
> be much easier to fix them with that in hand.
>
> Thanks,
>
> --
> Daniel B. Cid
> dcid ( at ) ossec.net
>
>
> On 9/17/07, Valerio Daelli <[EMAIL PROTECTED]> wrote:
> >
> > Hi
> > we use ossec-hids 1.3 on FreeBSD and we would like to monitor
> > the logs of BIND.
> > If we use a log_format of 'named' the server cannot even start.
> > If we use a log_format of syslog for the log file of named we get tons
> > of false positives.
> > Is it possible on ossec-hids 1.3 to monitor the logs of named?
> > Which log_format should we use?
> > Thanks a lot
> >
> > Valerio Daelli
> >
>
