On Thu, Apr 6, 2017 at 1:29 PM, Jake B. <cspitr....@gmail.com> wrote:
> Ok I'll do that. Also, not sure if you know but thought I'd ask anyway...Is
> there anyway to use the agents name in a rule or decoder? I have my agents
> named after the hostname so I was thinking that could potentially be another
> option. Don't see anything about it in the documentation however.
>

It's either hostname or location, but I can never remember which.

> On Thursday, April 6, 2017 at 10:16:49 AM UTC-7, dan (ddpbsd) wrote:
>>
>> On Wed, Apr 5, 2017 at 11:13 AM, Jake B. <cspit...@gmail.com> wrote:
>> > I'm not server if this is a problem with the OSSEC configuration or the
>> > host
>> > itself, but there are some events where the logs or full message only
>> > have
>> > some of the information I need. For example, this will be the full
>> > message I
>> > receive (2016-02-03 14:16:35 status installed some_package). The email
>> > alert
>> > will give me the agent name it sent it from, but I am not receiving the
>> > hostname as well. It seems to be that most events do give the full
>> > message,
>> > but I'm starting to notice some that don't so wondering if I should be
>> > looking to fix this on the OSSEC side or making sure the system is fully
>> > logging or sending everything over. Thanks!
>> >
>>
>> All of my test systems are down due to weather at the moment, but
>> check the agent's logs to see if the hostname is included.
>> If the hostname isn't included in the log, there's no way for OSSEC to add
>> it.
>>
>> > --
>> >
>> > ---
>> > You received this message because you are subscribed to the Google
>> > Groups
>> > "ossec-list" group.
>> > To unsubscribe from this group and stop receiving emails from it, send
>> > an
>> > email to ossec-list+...@googlegroups.com.
>> > For more options, visit https://groups.google.com/d/optout.
>
> --
>
> ---
> You received this message because you are subscribed to the Google Groups
> "ossec-list" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ossec-list+unsubscr...@googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.

-- 

--- 
You received this message because you are subscribed to the Google Groups 
"ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ossec-list+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Reply via email to