Hello,

If it helps, we use labels (Wazuh) on every agent so that we have the host name for every log, even if the host name and IP are not in the logs. We have our own agent that installs the OSSEC, Nessus and all Beats agents and populates the labels automatically for all of our customers. You could probably do something similar with Puppet, Chef, or Ansible. Labels in OSSEC was a feature we requested to solve this very condition.

Thank you,
Jared

> On May 7, 2018, at 2:48 PM, Александр Канайкин <alex.kanay...@gmail.com> wrote:
>
> Thanks anyway. Still searching for resolution.
>
>> On Mon, May 7, 2018, 21:36 David Lang <da...@lang.hm> wrote:
>> Sorry, I'm replying to a different mailing list than I thought I was (I thought
>> I was replying to a message on the rsyslog mailing list)
>>
>> On Mon, 7 May 2018, David Lang wrote:
>>
>> > please log some message using the template RSYSLOG_DebugFormat so that we can
>> > see what variables are in there.
>> >
>> > There is not a direct way to call name resolution if you have an IP address
>> > in the content, but you could use a table lookup.
>> >
>> > David Lang
>
> --
> ---
> You received this message because you are subscribed to the Google Groups "ossec-list" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+unsubscr...@googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.
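
A sketch of the label-population step described in the message above, as an added example that is not the poster's agent or Wazuh project code: it rewrites the `<labels>` block of an agent `ossec.conf` from local host facts, so every alert carries the host name and IP. The label keys `host.name` and `host.ip`, the sample config, and the single `<ossec_config>` root are assumptions of this example.

```python
import socket
import xml.etree.ElementTree as ET

# Constructed sample agent config, not taken from a real deployment.
SAMPLE_CONF = """<ossec_config>
  <!-- constructed sample -->
  <client><server><address>manager.example.test</address></server></client>
  <labels><label key="stale">old</label></labels>
</ossec_config>"""

def host_facts():
    """Local facts to publish as labels; the key names are this example's choice."""
    name = socket.gethostname()
    try:
        ip = socket.gethostbyname(name)
    except OSError:  # hostname does not resolve locally
        ip = "unknown"
    return {"host.name": name, "host.ip": ip}

def apply_labels(conf_xml, labels):
    """Return conf_xml with exactly one <labels> block holding `labels`."""
    # Keep operator comments; the default parser would silently drop them.
    parser = ET.XMLParser(target=ET.TreeBuilder(insert_comments=True))
    root = ET.fromstring(conf_xml, parser=parser)
    if root.tag != "ossec_config":
        raise ValueError("expected a single <ossec_config> root element")
    for old in root.findall("labels"):  # drop stale blocks so reruns are idempotent
        root.remove(old)
    block = ET.SubElement(root, "labels")
    for key, value in sorted(labels.items()):
        # ElementTree escapes &, < and > in values on serialization.
        ET.SubElement(block, "label", {"key": key}).text = str(value)
    if hasattr(ET, "indent"):  # Python 3.9+
        ET.indent(root)
    return ET.tostring(root, encoding="unicode")

if __name__ == "__main__":
    print(apply_labels(SAMPLE_CONF, host_facts()))
```

A configuration-management run (Puppet, Chef or Ansible, as the message suggests) could call the same function and restart the agent only when the returned text differs from the file on disk.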