Understood.  I'm putting in hostnames for agent names, so in my case, it 
applies.

On Thursday, October 20, 2016 at 3:44:59 AM UTC-7, dan (ddpbsd) wrote:
>
> On Wed, Oct 19, 2016 at 9:49 PM,  <r...@bitgo.com> wrote: 
> > I've recently set up my ossec server to output alerts to a json file.  I'm 
> > sending it over to logstash and elasticsearch.  I'd like to create a kibana 
> > dashboard that defines individual ossec agent hosts. 
> > 
> > The issue is that the json doesn't have its own dedicated field for agent 
> > host. Here's an example alert event (location field): 
> > "(example-host) 10.0.0.5->/var/log/messages" 
> > 
> > Notice how the actual agent hostname is in parentheses?  This makes it very 
>
> I don't think that's the hostname, I think it's the agent name. 
>
> > difficult to unique on hostname alone.  It would be much better if there was 
> > another field called location.agentHost or some other field that contains 
> > just the agent hostname. 
> > 
> > Anyone know of a workaround so I can get the agent hostname in a json field 
> > all by itself? 
> > 
>
> You can submit a pull request to https://github.com/ossec/ossec-hids 
> Any contributions are appreciated! 
>
> > -- 
> > 
> > --- 
> > You received this message because you are subscribed to the Google Groups 
> > "ossec-list" group. 
> > To unsubscribe from this group and stop receiving emails from it, send an 
> > email to ossec-list+...@googlegroups.com. 
> > For more options, visit https://groups.google.com/d/optout. 
>
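
One workaround outside OSSEC itself, as an added example that is not part of this thread or of the OSSEC code base: a Python pre-processor that splits the location string quoted above into separate fields before the alerts are shipped to logstash. The top-level "location" key and the output field names agent_name, agent_ip and log_source are assumptions; the first field is named for the agent name, as pointed out in the reply.

```python
import json
import re
from collections import Counter

# Shape shown in the thread: "(agent name) source-ip->log source".
# The name is everything up to the first ")"; the address is matched
# non-greedily so a "->" inside the log source does not confuse the split.
LOCATION_RE = re.compile(
    r"^\((?P<agent_name>[^)]+)\)\s+(?P<agent_ip>\S+?)->(?P<log_source>.*)$"
)

def split_location(location):
    """Split a location string; anything not in the parenthesised agent
    form is passed through untouched with no agent fields set."""
    m = LOCATION_RE.match(location or "")
    if not m:
        return {"agent_name": None, "agent_ip": None, "log_source": location}
    return m.groupdict()

def enrich(line):
    """Parse one JSON alert line and add the split fields.
    The original "location" value is kept so nothing is lost."""
    alert = json.loads(line)
    alert.update(split_location(alert.get("location")))
    return alert

def alerts_per_agent(lines):
    """Count alerts per agent name, the grouping the dashboard needs."""
    return Counter(enrich(l)["agent_name"] or "(unparsed)" for l in lines)

# Constructed sample alert lines (only the location field is filled in).
SAMPLE = [
    '{"location": "(example-host) 10.0.0.5->/var/log/messages"}',
    '{"location": "(example-host) 10.0.0.5->/var/log/secure"}',
    '{"location": "(db-01) 10.0.0.9->/var/log/messages"}',
    '{"location": "/var/log/auth.log"}',
]

if __name__ == "__main__":
    for raw in SAMPLE:
        print(json.dumps(enrich(raw)))
    print(dict(alerts_per_agent(SAMPLE)))
```

Writing the enriched lines to a second file and pointing the logstash input at that file gives Kibana a dedicated agent_name field to aggregate on.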
