Hi list,

I have not found in the docs if it's possible to show in the alert e-mail 
the reverse lookup instead of the IP. In my environment I set up geoip, 
however when an internal address is decoded RFC 1918 is shown instead (which 
is correct!). 

Example:

Rule: 31533 fired (level 10) -> "High amount of POST requests in a small period 
of time (likely bot)."
Src Location: RFC1918 IP
Portion of the log(s):

10.0.32.179 - - [23/Jan/2015:11:52:13 +0000] "POST /uploads.js?attachment_id=8&

In these cases where RFC1918 IP is shown it is interesting for us to show the 
reverse DNS in order to know who is responsible for that workstation or at least 
the location inside the internal network.

Is it already coded in OSSEC?
If not, where should I start taking a look (into the code)?

Thank you





