Hi Will, Can you provide a few more details? A few examples? You meant that instead of the ip address you can have the hostname in the logs? If that's the case we should fix the decoder for that...
Btw, we have pix information at: http://www.ossec.net/wiki/index.php/PIX_and_IOS_Syslog_Config_examples#Configuring_PIX Thanks, -- Daniel B. Cid dcid ( at ) ossec.net On Dec 6, 2007 1:15 AM, Will Metcalf <[EMAIL PROTECTED]> wrote: > > Just an FYI as I couldn't find anything about it on the OSSEC wiki for > PIX logs. If you are using names in your PIX/ASA config the decoder > seems to be broken as it is trying to match y.y.y.y but if you are > using names (which is helpful when you have a few thousand rules to > manage) you could have string instead i.e. "y.y.y.y" would instead be > "someservername". You can turn off names by issuing the no names > command or do what I did and change the decoder to match on a non > white space string, which hasn't seemed to cause any issues for me > anyway ;-) > > Regards, > > Will >
