Hi, Just started using ossec and it's great for my needs, monitoring OpenVZ containers.
I've set up alerting to a MySQL database and that's working OK. In the 'alert' table though there is a field called src_ip and I'm not sure what number is being logged here? It's not an IP address and I can't see that it's a lookup reference to another table.

select * from alert limit 10;
+----+-----------+---------+------------+-------------+------------+--------+----------+----------+
| id | server_id | rule_id | timestamp  | location_id | src_ip     | dst_ip | src_port | dst_port |
+----+-----------+---------+------------+-------------+------------+--------+----------+----------+
|  3 |         1 |    5706 | 1304272050 |           3 | 1159222217 | NULL   | NULL     | NULL     |
|  4 |         1 |   31101 | 1304272174 |           4 | 1372152755 | NULL   | NULL     | NULL     |

Am I missing something obvious?

Thanks,
Matt
