Hi Adriel,

Can you provide a few examples? We try to extract the source IP address whenever it is available in the logs... Different log formats shouldn't be a problem, since we can handle them all in the decoders.

Thanks,

--
Daniel B. Cid
dcid ( at ) ossec.net

On Wed, Jul 16, 2008 at 10:30 AM, Adriel Desautels <[EMAIL PROTECTED]> wrote:
> Greetings,
> One thing that I feel that OSSEC is lacking is the ability to extract
> source IP addresses for key events. It does fill in the destination IP
> address properly now, and that really helps out a lot. Doing the source
> IP address would complete the picture.
>
> I realize how much of a challenge it would be due to the various log
> formats, etc, but is this something that is in the plans?
>
> Regards,
> Adriel T. Desautels
> Chief Technology Officer
> Netragard, LLC.
> Office : 617-934-0269
> Mobile : 617-633-3821
> http://www.linkedin.com/pub/1/118/a45
>
> Join the Netragard, LLC. Linked In Group:
> http://www.linkedin.com/e/gis/48683/0B98E1705142
>
> ---------------------------------------------------------------
> Netragard, LLC - http://www.netragard.com - "We make IT Safe"
> Penetration Testing, Vulnerability Assessments, Website Security
>
> Netragard Whitepaper Downloads:
> -------------------------------
> Choosing the right provider : http://tinyurl.com/2ahk3j
> Three Things you must know : http://tinyurl.com/26pjsn
