Thanks, Daniel. Hopefully this can be integrated in the database on the next version.
Sherwin

-----Original Message-----
From: [email protected] [mailto:[EMAIL PROTECTED] On Behalf Of Daniel Cid
Sent: Monday, January 14, 2008 6:25 PM
To: [email protected]
Subject: [ossec-list] Re: OSSEC 1.4 Destination IP, Source port, Destination Port NOT PARSE

Hi Sherwin,

OSSEC parses this data and you can see it at /var/ossec/logs/firewall/firewall.log, but currently it is not storing that in the database. It only stores whatever is written at the alerts.log, which does not include the dstip, ports, etc. However, it is on our to-do list to handle that for the next release.

Thanks,

--
Daniel B. Cid
dcid ( at ) ossec.net

On Jan 11, 2008 1:57 PM, Sherwin P. William Abocejo <[EMAIL PROTECTED]> wrote:
>
> Hi All,
>
> I am just wondering why ossec 1.4 did not parse the Destination IP, Source
> Port and Destination Port and throw them in the database? I have this
> alert....
>
> OSSEC HIDS Notification.
> 2008 Jan 11 10:20:39
>
> Received From: sdnasim->192.168.32.1
> Rule: 4151 fired (level 10) -> "Multiple Firewall drop events from same source."
> Portion of the log(s):
>
> %PIX-7-710005: UDP request discarded from 192.168.32.43/138 to inside:192.168.32.255/netbios-dgm
> %PIX-7-710005: UDP request discarded from 192.168.32.43/137 to inside:192.168.32.255/netbios-ns
> %PIX-7-710005: UDP request discarded from 192.168.32.43/137 to inside:192.168.32.255/netbios-ns
> %PIX-7-710005: UDP request discarded from 192.168.32.43/137 to inside:192.168.32.255/netbios-ns
> %PIX-7-710005: UDP request discarded from 192.168.32.43/137 to inside:192.168.32.255/netbios-ns
> %PIX-7-710005: UDP request discarded from 192.168.32.43/137 to inside:192.168.32.255/netbios-ns
> %PIX-7-710005: UDP request discarded from 192.168.32.43/137 to inside:192.168.32.255/netbios-ns
> %PIX-7-710005: UDP request discarded from 192.168.32.43/138 to inside:192.168.32.255/netbios-dgm
> %PIX-7-710005: UDP request discarded from 192.168.32.43/137 to inside:192.168.32.255/netbios-ns
> %PIX-7-710005: UDP request discarded from 192.168.32.43/137 to inside:192.168.32.255/netbios-ns
>
>
> --END OF NOTIFICATION
>
> -------------------
>
> Is it the design of the ossec that it won't parse this info? Why are there
> such fields in the database while the values are always NULL?
>
> Sherwin
>
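As an added example (not OSSEC's own decoder code), here is a small Python parser that pulls the source/destination IPs and ports out of the %PIX-7-710005 lines quoted above, the fields Daniel says land in firewall.log but not in the database, and then counts drops per source the way rule 4151 groups them. The service-name-to-port map, the field names and the sample lines are this example's own assumptions.

```python
import re
from typing import Optional

# Format of the Cisco PIX %PIX-7-710005 message seen in the alert above:
#   %PIX-7-710005: UDP request discarded from 192.168.32.43/138 to inside:192.168.32.255/netbios-dgm
PIX_710005 = re.compile(
    r"%PIX-\d-710005: (?P<proto>TCP|UDP|ICMP) request discarded from "
    r"(?P<srcip>\d{1,3}(?:\.\d{1,3}){3})/(?P<srcport>\d+) to "
    r"(?P<dstif>\w+):(?P<dstip>\d{1,3}(?:\.\d{1,3}){3})/(?P<dstport>\w[\w-]*)"
)

# PIX writes well-known services by name; map them back to port numbers.
# Constructed for this example: the names in the thread plus a few common ones.
SERVICE_PORTS = {"netbios-ns": 137, "netbios-dgm": 138, "netbios-ssn": 139,
                 "domain": 53, "http": 80, "https": 443}

def parse_pix_710005(line: str) -> Optional[dict]:
    """Return the firewall.log-style fields for one 710005 line, or None if it does not match."""
    m = PIX_710005.search(line)
    if not m:
        return None
    dst = m.group("dstport")
    # Numeric port, or a service name resolved via the table (None if unknown).
    dstport = int(dst) if dst.isdigit() else SERVICE_PORTS.get(dst)
    return {
        "action": "DROP",  # 710005 reports a discarded request, which rule 4151 treats as a drop
        "protocol": m.group("proto"),
        "srcip": m.group("srcip"),
        "srcport": int(m.group("srcport")),
        "dstip": m.group("dstip"),
        "dstport": dstport,
        "dst_interface": m.group("dstif"),
    }

def drops_by_source(lines) -> dict:
    """Count drop events per source IP, the grouping rule 4151 keys on."""
    counts: dict = {}
    for line in lines:
        ev = parse_pix_710005(line)
        if ev and ev["action"] == "DROP":
            counts[ev["srcip"]] = counts.get(ev["srcip"], 0) + 1
    return counts

# Sample lines constructed from the alert quoted in the thread.
SAMPLE = [
    "%PIX-7-710005: UDP request discarded from 192.168.32.43/138 to inside:192.168.32.255/netbios-dgm",
    "%PIX-7-710005: UDP request discarded from 192.168.32.43/137 to inside:192.168.32.255/netbios-ns",
    "%PIX-7-710005: UDP request discarded from 192.168.32.43/137 to inside:192.168.32.255/netbios-ns",
]

if __name__ == "__main__":
    for ev in map(parse_pix_710005, SAMPLE):
        print(ev)
    print(drops_by_source(SAMPLE))
```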
