Greetings,
One thing that I feel that OSSEC is lacking is the ability to extract
source IP addresses for key events. It does fill in the destination IP
address properly now, and that really helps out a lot. Doing the source
IP address would complete the picture.
I realize how much of a challenge it would be due to the various log
formats, etc, but is this something that is in the plans?
Regards,
Adriel T. Desautels
Chief Technology Officer
Netragard, LLC.
Office : 617-934-0269
Mobile : 617-633-3821
http://www.linkedin.com/pub/1/118/a45
Join the Netragard, LLC. Linked In Group:
http://www.linkedin.com/e/gis/48683/0B98E1705142
---------------------------------------------------------------
Netragard, LLC - http://www.netragard.com - "We make IT Safe"
Penetration Testing, Vulnerability Assessments, Website Security
Netragard Whitepaper Downloads:
-------------------------------
Choosing the right provider : http://tinyurl.com/2ahk3j
Three Things you must know : http://tinyurl.com/26pjsn
begin:vcard
fn:Adriel T Desautels
n:Desautels;Adriel T
org:Netragard, LLC.
adr:;;17 Sheldon Road;Mendham ;NJ;;USA
email;internet:[EMAIL PROTECTED]
title:Chief Technology Officer
tel;work:617-934-0269
tel;cell:617-633-3821
x-mozilla-html:FALSE
url:http://www.netragard.com
version:2.1
end:vcard
