I know that, but maybe somebody knows a way around that. That's why I ask. There is always a way, and I will find it :-)
Thanks.

On Wed, Aug 3, 2016 at 4:16 PM, dan (ddp) <[email protected]> wrote:
> On Wed, Aug 3, 2016 at 9:07 AM, Herman Harperink <[email protected]> wrote:
> > Hi Dan,
> >
> > When my phone / pc / ipad collects email I get a "dovecot authentication
> > success" event. I could ignore this event by downrating it to zero in
> > local_rules so it won't be logged, but I want to see all successful
> > authentications on my mailserver from hosts that are not my own (since I
> > am the only one using it). Same goes for ftp, ssh etc.
> > In case someone hacks my server, or steals my credentials, that would
> > light up on my dash.
> >
> > My home internet connection has a dynamic ip, but by using a dyndns
> > provider (duckdns) I have a static domain name of my own. However, ossec
> > lookups always return the dynamic hostname my provider gave me, and never
> > my dyndns hostname, since they don't update dns records (no authority).
> > If I look up my dyndns hostname on my ossec manager I get my ip. But if I
> > look up my ip I get my provider's hostname, which is not static.
> >
> > So: connection from xxx.xxx.xxx.xxx resolves to dip-t-somewhat-hostname
> > (within ossec). I am looking for a way to let ossec check if ip
> > xxx.xxx.xxx.xxx is my myhost.duckdns.org hostname, and if it is, ignore
> > the event.
> >
>
> There is no facility to do DNS lookups in the analysis engine.
>
> > On Wed, Aug 3, 2016 at 2:47 PM, dan (ddp) <[email protected]> wrote:
> >>
> >> On Wed, Aug 3, 2016 at 1:48 AM, Herman Harperink <[email protected]> wrote:
> >> > Hi all,
> >> >
> >> > Can somebody hint me in the right direction on this?
> >> > I have two dynamic hosts with a ddns hostname and I don't want those
> >> > to trigger events. But I can't find a way to do that anywhere.
> >> >
> >> > Thanks in advance.
> >> >
> >>
> >> Remove the agents from those hosts? I'm probably misunderstanding
> >> something, maybe an example of what you don't want to see would help?
> >>
> >> > Herman
> >> >
> >> > --
> >> >
> >> > ---
> >> > You received this message because you are subscribed to the Google
> >> > Groups "ossec-list" group.
> >> > To unsubscribe from this group and stop receiving emails from it, send
> >> > an email to [email protected].
> >> > For more options, visit https://groups.google.com/d/optout.
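
Added example (not part of the thread, and not OSSEC project code): since the analysis engine does no DNS lookups, one way to get the behaviour asked for is to resolve the dyndns name outside OSSEC and generate a level-0 child rule pinned to the current address with `<if_sid>` and `<srcip>`. The function names, the rule ids passed on the command line and the `local` group name are assumptions for illustration.

```python
import ipaddress
import socket
import sys
from xml.sax.saxutils import escape


def resolve_ipv4(hostname, resolver=socket.getaddrinfo):
    """Forward-resolve the dynamic-DNS name. The reverse (PTR) record cannot be
    used: it belongs to the ISP and only ever returns the provider's hostname."""
    infos = resolver(hostname, None, socket.AF_INET, socket.SOCK_STREAM)
    return sorted({info[4][0] for info in infos})


def build_rules(first_rule_id, parent_sid, hostname, ips):
    """Return one level-0 child rule per resolved address.

    parent_sid is the id of the rule to silence (assumption: take it from the
    alert you want to suppress); first_rule_id is a free id in your local range.
    """
    if not ips:
        # Fail closed: with no answer, emit nothing so the old file is not replaced
        raise ValueError("no address resolved for " + hostname)
    rules = []
    for offset, ip in enumerate(ips):
        ipaddress.IPv4Address(ip)  # raises ValueError on anything but a literal IPv4
        rules.append(
            f'  <rule id="{int(first_rule_id) + offset}" level="0">\n'
            f'    <if_sid>{int(parent_sid)}</if_sid>\n'
            f'    <srcip>{ip}</srcip>\n'
            f'    <description>Ignored: source is {escape(hostname)}</description>\n'
            f'  </rule>'
        )
    return '<group name="local,">\n' + "\n".join(rules) + "\n</group>\n"


if __name__ == "__main__":
    # Usage (constructed values): script.py myhost.duckdns.org 100200 <parent rule id>
    name, rule_id, sid = sys.argv[1], sys.argv[2], sys.argv[3]
    sys.stdout.write(build_rules(rule_id, sid, name, resolve_ipv4(name)))
```

Run it periodically on the manager and reload the ruleset only when the output changes. Until the next run after an address change, the old address stays suppressed and the new one alerts, so keep the interval short and treat the dyndns account as part of the trust boundary.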
