Hi all,
we're just testing Ossec in an office environment, and so far it looks really
promising.
But we've got an issue with our routers. There are several routers all over the
building, and the log files on the servers only show the IP addresses of the
routers, not of the computers behind them.
So eg if there's a router 192.168.1.100 and behind it a desktop 192.168.1.107,
Ossec will see in the server log files that 192.168.1.100 tried to log in, not
192.168.1.107.
So if there were a malware issue and a computer starts misbehaving, Ossec would
block the router, not the specific computer, and we wouldn't be able to tell
which computer caused that problem.
Is there any way to see the actual IP address?
Thank you! :)
Lyle
__________________________________________________________
Sent from Yahoo! Mail - a smarter inbox http://uk.mail.yahoo.com
