Hi Dan, When my phone / pc /ipad collects email I get an "dovecot authentication success" event. I could ignore this event by downrating it to zero in local_rules so it won't be logged, but I want to see all succesful authentications on my mailserver from hosts that are not my own (since I am the only one using it). Same goes for ftp, ssh etc In case someone hacks my server, or steals my credentials that would light up on my dash.
My home internet connection has a dynamic ip, but by using a dyndns provider (duckdns) I have a static own domainname. However, ossec lookups always return the dynamic hostname my provider gave me, and never my dyndns hostname since they don't update dns records (no authority). If I lookup my dyndns hostname on my ossec manager I get my ip. But if I lookup my ip I get my providers hostname wich is not static. So: connection from xxx.xxx.xxx.xxx resolves to dip-t-somewhat-hostname (within ossec). I am looking for a way to let ossec check if ip xxx.xxx.xxx.xxx is my myhost.duckdns.org hostname, and if it is, ignore the event. On Wed, Aug 3, 2016 at 2:47 PM, dan (ddp) <[email protected]> wrote: > On Wed, Aug 3, 2016 at 1:48 AM, Herman Harperink > <[email protected]> wrote: > > Hi all, > > > > Can somebody hint me in the right direction on this? > > I have two dynamic hosts with a ddns hostname and I don't want those to > trigger events. But I can't find a way to do that anywhere. > > > > Thanks in advance. > > > > Remove the agents from those hosts? I'm probably misunderstanding > something, maybe an example of what you don't want to see would help? > > > Herman > > > > -- > > > > --- > > You received this message because you are subscribed to the Google > Groups "ossec-list" group. > > To unsubscribe from this group and stop receiving emails from it, send > an email to [email protected]. > > For more options, visit https://groups.google.com/d/optout. > > -- > > --- > You received this message because you are subscribed to a topic in the > Google Groups "ossec-list" group. > To unsubscribe from this topic, visit > https://groups.google.com/d/topic/ossec-list/6e9ehDQW_jE/unsubscribe. > To unsubscribe from this group and all its topics, send an email to > [email protected]. > For more options, visit https://groups.google.com/d/optout. > -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
