Hi all, I tested OSSEC with agents (Windows) set to IP 10.10.10.0/24, and the computers within the network always respond with their logs (file integrity, Event Viewer). But when I get a file integrity alert (syscheck), my alert does not display the hostname of the Windows machine and only displays the agent name configured before (this is the default, OK).
So, how can I change my rule in Windows so that this syscheck log displays the hostname of the OS and not the name of the OSSEC agent? Also, for agentless monitoring of Linux, it would be interesting to add the hostname to the syscheck log too. How has anyone done this?

Ex - Default:

2010 Jan 04 10:13:58,0 - C:\WINDOWS\system32\drivers\etc\*Hostss* File changed. - 1st time modified. Integrity checking values: Size: >28050 Perm: rw-r--r-- Uid: 0 Gid: 0 Md5: >50da55def41bcede7d42ac5ee8fe12c9 Sha1: >97f4b2b48a97321a3e245221e0ea4353cf4fa8ef

What I want to get:

2010 Jan 05 10:11:58,0 - C:\WINDOWS\system32\drivers\etc\*Hostss* File changed. - 1st time modified. Integrity checking values: Hostname: myWinFileServer Size: >28050 Perm: rw-r--r-- Uid: 0 Gid: 0 Md5: >50da55def41bcede7d42ac5ee8fe12c9 Sha1: >97f4b2b48a97321a3e245221e0ea4353cf4fa8ef
