Brilliant, it was. Thank you.
(In file: hostinfo.c)

On Wednesday, August 13, 2014 2:42:17 PM UTC+1, dan (ddpbsd) wrote:
>
> On Wed, Aug 13, 2014 at 9:35 AM, Patrick S <[email protected]> wrote:
> > I've searched the decoder.xml file but there doesn't appear to be a field
> > (shown below) that would permit that. I'm guessing you won't know at the
> > top of your head but just thought to post this update in case anyone out
> > there has come across this same problem.
> >
>
> Look in src/analysisd/decoders. I think it'll be in there.
>
> > - Allowed fields:
> > - location - where the log came from (only on FTS)
> > - srcuser - extracts the source username
> > - dstuser - extracts the destination (target) username
> > - user - an alias to dstuser (only one of the two can be used)
> > - srcip - source ip
> > - dstip - dst ip
> > - srcport - source port
> > - dstport - destination port
> > - protocol - protocol
> > - id - event id
> > - url - url of the event
> > - action - event action (deny, drop, accept, etc)
> > - status - event status (success, failure, etc)
> > - extra_data - Any extra data
> >
> > On Monday, August 4, 2014 5:31:44 PM UTC+1, dan (ddpbsd) wrote:
> >>
> >> On Mon, Aug 4, 2014 at 12:28 PM, Patrick S <[email protected]> wrote:
> >> > Thanks for your reply; however in this case it's the server itself. So
> >> > I'm not sure if there's something else that can be modified to show the
> >> > server's IP.
> >> >
> >>
> >> Modify the source code to display the IP instead of the name.
> >>
> >> >
> >> > On Monday, August 4, 2014 1:28:05 PM UTC+1, dan (ddpbsd) wrote:
> >> >>
> >> >> On Sun, Aug 3, 2014 at 7:37 AM, Patrick S <[email protected]> wrote:
> >> >> > In the below alert segment "Ubuntu" is displayed, how can I change it
> >> >> > so the alert displays the IP address of that computer for every alert?
> >> >> >
> >> >> > 2014 Jul 20 06:29:00 ubuntu->/var/log/auth.log
> >> >> >
> >> >>
> >> >> I think that's the agent name given to the system when you added it
> >> >> via manage_agents. Change that to the IP instead of the hostname, and
> >> >> it should work.
> >> >>
> >> >> > Thanks :)

--
---
You received this message because you are subscribed to the Google Groups "ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [email protected].
For more options, visit https://groups.google.com/d/optout.
