OK, figured it out. When I add an agent on the OSSEC server, I need to put in the FQDN as the name.
So on the server, I run manage-agents Hit a to add then put in the FQDN for the name plug in it's IP address enter a unique number indentifier and that's it On Monday, July 22, 2013 3:11:56 PM UTC-5, Chris Kempel wrote: > > I did see a post earlier about having to modify the source code. However, > I do not understand where it's getting the %s value. > > #define MAIL_SUBJECT "OSSEC Notification - %s - Alert level %d" > > If I knew that then I would be able to modify. > > When you say agent name, is it possible for me to change that? Is that > done via the manage-agents executable? > > > On Monday, July 22, 2013 3:02:18 PM UTC-5, dan (ddpbsd) wrote: >> >> On Mon, Jul 22, 2013 at 4:00 PM, Chris Kempel <[email protected]> >> wrote: >> > No, it's referring to ocs since that's the hostname that the agent is >> > running on. >> > >> > On Monday, July 22, 2013 2:50:54 PM UTC-5, dan (ddpbsd) wrote: >> >> >> >> On Mon, Jul 22, 2013 at 3:48 PM, Chris Kempel <[email protected]> >> wrote: >> >> > Is it possible to have alerts display the FQDN? Like the example >> below. >> >> > >> >> > OSSEC HIDS Notification. >> >> > 2013 Jul 22 14:16:42 >> >> > >> >> > Received From: (ocs) X.X.X.X->ossec >> >> > Rule: 503 fired (level 3) -> "Ossec agent started." >> >> > Portion of the log(s): >> >> > >> >> > ossec: Agent started: 'ocs->X.X.X.X'. >> >> > >> >> > Right now it shows ocs but I would like it to display the FQDN >> >> > ocs.mydomain.com instead. >> >> > >> >> > Where do I configure that? >> >> > >> >> >> >> Isn't that the agent name, not the hostname? >> >> >> >> > -- >> >> > >> >> > --- >> >> > You received this message because you are subscribed to the Google >> >> > Groups >> >> > "ossec-list" group. >> >> > To unsubscribe from this group and stop receiving emails from it, >> send >> >> > an >> >> > email to [email protected]. >> >> > For more options, visit https://groups.google.com/groups/opt_out. >> >> > >> >> > >> > >> > -- >> > >> > --- >> > You received this message because you are subscribed to the Google >> Groups >> > "ossec-list" group. >> > To unsubscribe from this group and stop receiving emails from it, send >> an >> > email to [email protected]. >> > For more options, visit https://groups.google.com/groups/opt_out. >> > >> > >> >> Interesting. On my system it's the agent name.Are you using the secure >> transport mode or syslog? >> >> You'll have to modify the source to get it to work the way you want. >> > -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/groups/opt_out.
