On Thu, Apr 6, 2017 at 1:29 PM, Jake B. <cspitr....@gmail.com> wrote:
> Ok I'll do that. Also, not sure if you know but thought I'd ask anyway...Is
> there any way to use the agent's name in a rule or decoder? I have my agents
> named after the hostname so I was thinking that could potentially be another
> option. Don't see anything about it in the documentation however.
>

It's either hostname or location, but I can never remember which.

> On Thursday, April 6, 2017 at 10:16:49 AM UTC-7, dan (ddpbsd) wrote:
>>
>> On Wed, Apr 5, 2017 at 11:13 AM, Jake B. <cspit...@gmail.com> wrote:
>> > I'm not sure if this is a problem with the OSSEC configuration or the host
>> > itself, but there are some events where the logs or full message only have
>> > some of the information I need. For example, this will be the full message I
>> > receive (2016-02-03 14:16:35 status installed some_package). The email alert
>> > will give me the agent name it sent it from, but I am not receiving the
>> > hostname as well. It seems to be that most events do give the full message,
>> > but I'm starting to notice some that don't so wondering if I should be
>> > looking to fix this on the OSSEC side or making sure the system is fully
>> > logging or sending everything over. Thanks!
>> >
>>
>> All of my test systems are down due to weather at the moment, but
>> check the agent's logs to see if the hostname is included.
>> If the hostname isn't included in the log, there's no way for OSSEC to add
>> it.
>>
>> > --
>> >
>> > ---
>> > You received this message because you are subscribed to the Google Groups
>> > "ossec-list" group.
>> > To unsubscribe from this group and stop receiving emails from it, send an
>> > email to ossec-list+...@googlegroups.com.
>> > For more options, visit https://groups.google.com/d/optout.