On Mon, Jul 22, 2013 at 4:00 PM, Chris Kempel <[email protected]> wrote: > No, it's referring to ocs since that's the hostname that the agent is > running on. > > On Monday, July 22, 2013 2:50:54 PM UTC-5, dan (ddpbsd) wrote: >> >> On Mon, Jul 22, 2013 at 3:48 PM, Chris Kempel <[email protected]> wrote: >> > Is it possible to have alerts display the FQDN? Like the example below. >> > >> > OSSEC HIDS Notification. >> > 2013 Jul 22 14:16:42 >> > >> > Received From: (ocs) X.X.X.X->ossec >> > Rule: 503 fired (level 3) -> "Ossec agent started." >> > Portion of the log(s): >> > >> > ossec: Agent started: 'ocs->X.X.X.X'. >> > >> > Right now it shows ocs but I would like it to display the FQDN >> > ocs.mydomain.com instead. >> > >> > Where do I configure that? >> > >> >> Isn't that the agent name, not the hostname? >> >> > -- >> > >> > --- >> > You received this message because you are subscribed to the Google >> > Groups >> > "ossec-list" group. >> > To unsubscribe from this group and stop receiving emails from it, send >> > an >> > email to [email protected]. >> > For more options, visit https://groups.google.com/groups/opt_out. >> > >> > > > -- > > --- > You received this message because you are subscribed to the Google Groups > "ossec-list" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > For more options, visit https://groups.google.com/groups/opt_out. > >
Interesting. On my system it's the agent name.Are you using the secure transport mode or syslog? You'll have to modify the source to get it to work the way you want. -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/groups/opt_out.
