On Sun, Mar 8, 2015 at 3:49 AM, Shlomit Afgin <shlomit.af...@weizmann.ac.il>
wrote:

>
>  Hi,
>  I installed psad on a few Linux machines.
>  I get emails with:
>
>   …
>
>        Syslog hostname: unknown
>
>
psad attempts to extract the hostname from the iptables log messages
reported by syslog, but in this case it doesn't look like it was able to do
this. The "unknown" string is a fallback just in case psad wasn't able to
extract the hostname (as shown above).  Would you mind sending me a few of
your iptables log messages so I can troubleshoot this? You can anonymize
the IP addresses if you like. Usually something like "grep OUT=
/var/log/messages" will do the trick unless you are running on a system
where syslog messages are available through journalctl.

Also, what Linux distro and version of psad are you running?  (Use "psad
-V" to get the version.)



>
>  …
> [+] Whois Information (source IP):
> Whois data not available!
>
>

Is the source IP actually blank in the psad email? That would be strange.

There were some fixes in psad-2.2.4 for whois data processing.

Thanks,

--Mike




>
>
>  I cannot tell which machine it is coming from.
>
>  What is the server missing that I'm not getting 'syslog hostname'
>  and 'whois information'?
>
>  Thanks.
>
>
> _______________________________________________
> psad-discuss mailing list
> psad-discuss@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/psad-discuss
>
>


-- 
Michael Rash | Founder
http://www.cipherdyne.org/
Key fingerprint = 53EA 13EA 472E 3771 894F  AC69 95D8 5D6B A742 839F
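
As an added illustration of the hostname fallback described in the reply above (not part of the original thread and not psad's own code), this Python sketch filters iptables log lines the way `grep OUT=` does and tries to read the syslog hostname from two assumed prefix layouts, reporting "unknown" when neither matches. The regexes, function names and sample lines are constructed for this example.

```python
import re
from collections import Counter

# Two syslog prefix layouts this sketch recognizes (assumptions, not psad's own patterns).
PREFIXES = {
    "bsd": re.compile(r"^[A-Z][a-z]{2}\s+\d{1,2}\s+\d{2}:\d{2}:\d{2}\s+(\S+)\s+kernel:"),
    "iso": re.compile(r"^\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}\S*\s+(\S+)\s+kernel:"),
}
FIELD = re.compile(r"\b([A-Z]+)=(\S*)")  # iptables LOG key=value pairs

# Constructed sample lines (documentation IP ranges), not taken from the thread.
SAMPLE = [
    "Mar  8 03:49:01 fw1 kernel: [1234.5] DROP IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP SPT=44321 DPT=23",
    "2015-03-08T03:49:02.120+02:00 fw2 kernel: DROP IN=eth0 OUT= SRC=198.51.100.8 DST=192.0.2.10 PROTO=TCP SPT=5151 DPT=22",
    "Mar  8 03:49:03 kernel: DROP IN=eth0 OUT= SRC=198.51.100.9 DST=192.0.2.10 PROTO=UDP SPT=53 DPT=4000",
    "Mar  8 03:49:04 fw1 sshd[812]: Accepted publickey for admin",
]

def parse_line(line):
    """Parse one iptables log line; return None for anything else."""
    if "OUT=" not in line:          # same filter as `grep OUT=`
        return None
    host, layout = "unknown", None  # fallback when no prefix layout matches
    for name, rx in PREFIXES.items():
        m = rx.match(line)
        if m:
            host, layout = m.group(1), name
            break
    fields = dict(FIELD.findall(line))
    return {"host": host, "layout": layout,
            "src": fields.get("SRC"), "dpt": fields.get("DPT")}

def hosts_seen(lines):
    """Count iptables log lines per extracted hostname."""
    return Counter(r["host"] for r in map(parse_line, lines) if r)

if __name__ == "__main__":
    for line in SAMPLE:
        rec = parse_line(line)
        if rec:
            print(f"{rec['host']:8} {rec['layout'] or '-':4} SRC={rec['src']} DPT={rec['dpt']}")
    print(dict(hosts_seen(SAMPLE)))
```

Lines that land in the "unknown" bucket are the ones worth sending along when asking why a hostname was not extracted.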