On Thu, Feb 16, 2017 at 11:57 AM, Eduardo Reichert Figueiredo <[email protected]> wrote: > Hi all, > i tested ossec with agents (windows) set ip 10.10.10.0/24, and alway > computer within network response with your log (file integrity, evnt vwr). > But, when i have alert of integrity file (syscheck) my alert not display the > hostname of windows and only dispaly name of agent before configured (this > is default ok) > > So, how i can change my rule in windows, for this log of syschek display > hostname of S.O and not dispaly of Agent OSSEC. > > Also, in agentless for monitoring Linux, too is interesting adding hostname > in log of syscheck. > > How anyone done this? > > > Ex - Default: > 2010 Jan 04 10:13:58,0 - C:\WINDOWS\system32\drivers\etc\Hostss > File changed. - 1st time modified. > Integrity checking values: > Size: >28050 > Perm: rw-r--r-- > Uid: 0 > Gid: 0 > Md5: >50da55def41bcede7d42ac5ee8fe12c9 > Sha1: >97f4b2b48a97321a3e245221e0ea4353cf4fa8ef > > What i want will take: > > 2010 Jan 05 10:11:58,0 - C:\WINDOWS\system32\drivers\etc\Hostss > File changed. - 1st time modified. > Integrity checking values: > Hostname: myWinFileServer > Size: >28050 > Perm: rw-r--r-- > Uid: 0 > Gid: 0 > Md5: >50da55def41bcede7d42ac5ee8fe12c9 > Sha1: >97f4b2b48a97321a3e245221e0ea4353cf4fa8ef >
You'll have to modify the source. OSSEC generally doesn't care about the hostname, just the agent name. > -- > > --- > You received this message because you are subscribed to the Google Groups > "ossec-list" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > For more options, visit https://groups.google.com/d/optout. -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
