On Thu, Feb 16, 2017 at 11:57 AM, Eduardo Reichert Figueiredo
wrote:
> Hi all,
> I tested OSSEC with agents (Windows) set to IP 10.10.10.0/24, and the
> computers within the network always respond with their log (file integrity, event viewer).
> But when I have a file integrity alert (syscheck), my alert does not display the
> hostname of the Windows machine and only displays the agent name configured before (this
> is the default, OK).
>
> So, how can I change my rule in Windows so that this syscheck log displays the
> hostname of the OS and not that of the OSSEC agent?
>
> Also, for agentless monitoring of Linux, it is also interesting to add the hostname
> to the syscheck log.
>
> Has anyone done this?
>
>
> Ex - Default:
> 2010 Jan 04 10:13:58,0 - C:\WINDOWS\system32\drivers\etc\Hostss
> File changed. - 1st time modified.
> Integrity checking values:
> Size: >28050
> Perm: rw-r--r--
> Uid: 0
> Gid: 0
> Md5: >50da55def41bcede7d42ac5ee8fe12c9
> Sha1: >97f4b2b48a97321a3e245221e0ea4353cf4fa8ef
>
> What I want to get:
>
> 2010 Jan 05 10:11:58,0 - C:\WINDOWS\system32\drivers\etc\Hostss
> File changed. - 1st time modified.
> Integrity checking values:
> Hostname: myWinFileServer
> Size: >28050
> Perm: rw-r--r--
> Uid: 0
> Gid: 0
> Md5: >50da55def41bcede7d42ac5ee8fe12c9
> Sha1: >97f4b2b48a97321a3e245221e0ea4353cf4fa8ef
>
You'll have to modify the source. OSSEC generally doesn't care about
the hostname, just the agent name.
> --
>
> ---
> You received this message because you are subscribed to the Google Groups
> "ossec-list" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ossec-list+unsubscr...@googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.