In our case that wouldn't help, as the IP's have no publicly known unique host name
The reply in mail would be like 2015-06-10T12:21:34.065499+02:00 localhost sshd[30702]: reverse mapping checking getaddrinfo for static.our.provider.net [1.2.3.4] failed - POSSIBLE BREAK-IN ATTEMPT! $ host 1.2.3.4 4.3.2.1.in-addr.arpa domain name pointer static.our.provider.net. Op woensdag 10 juni 2015 15:40:07 UTC+2 schreef Binet, Valere (NIH/NIA/IRP) [C]: > > We once had the same problem and solved it by adding the host name in > the whitelist. > > Hoping this helps. > -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
