On Dec 5, 2012 6:27 PM, "Scott" <[email protected]> wrote:
>
> Am I doing something wrong? Most of my ossec alerts have the server's hostname instead of the sending system's hostname.
>
> If I call my server "ossec" and other servers "host1", "host2", etc, send syslog UDP messages to "abc", then I may get these messages:
>
> 2012 Dec 05 23:02:08 host1->1.2.3.5 Dec 5 15:02:08 def sbn[92413]: testing [this one looks right]
> 2012 Dec 05 23:04:01 ossec->1.2.3.6 sbn: testing [this one does not]
> 2012 Dec 05 23:05:00 ossec->1.2.3.7 sbn: testing [this one does not]
>
> Thanks

I have no idea what this means.
