I did see a post earlier about having to modify the source code. However, I do not understand where it's getting the %s value.

#define MAIL_SUBJECT "OSSEC Notification - %s - Alert level %d"

If I knew that then I would be able to modify. When you say agent name, is it possible for me to change that? Is that done via the manage-agents executable?

On Monday, July 22, 2013 3:02:18 PM UTC-5, dan (ddpbsd) wrote:
> On Mon, Jul 22, 2013 at 4:00 PM, Chris Kempel <[email protected]> wrote:
> > No, it's referring to ocs since that's the hostname that the agent is
> > running on.
> >
> > On Monday, July 22, 2013 2:50:54 PM UTC-5, dan (ddpbsd) wrote:
> >>
> >> On Mon, Jul 22, 2013 at 3:48 PM, Chris Kempel <[email protected]> wrote:
> >> > Is it possible to have alerts display the FQDN? Like the example below.
> >> >
> >> > OSSEC HIDS Notification.
> >> > 2013 Jul 22 14:16:42
> >> >
> >> > Received From: (ocs) X.X.X.X->ossec
> >> > Rule: 503 fired (level 3) -> "Ossec agent started."
> >> > Portion of the log(s):
> >> >
> >> > ossec: Agent started: 'ocs->X.X.X.X'.
> >> >
> >> > Right now it shows ocs but I would like it to display the FQDN
> >> > ocs.mydomain.com instead.
> >> >
> >> > Where do I configure that?
> >> >
> >>
> >> Isn't that the agent name, not the hostname?
> >>
>
> Interesting. On my system it's the agent name. Are you using the secure
> transport mode or syslog?
>
> You'll have to modify the source to get it to work the way you want.

--
---
You received this message because you are subscribed to the Google Groups "ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [email protected].
For more options, visit https://groups.google.com/groups/opt_out.
