Post by Shlomit Afgin
Hi,
I installed psad on a few Linux machines.
…
Syslog hostname: unknown
psad attempts to extract the hostname from the iptables log messages
reported by syslog, but in this case it doesn't look like it was able to do
this. The "unknown" string is a fallback just in case psad wasn't able to
extract the hostname (as shown above). Would you mind sending me a few of
your iptables log messages so I can troubleshoot this? You can anonymize
the IP addresses if you like. Usually something like "grep OUT=
/var/log/messages" will do the trick unless you are running on a system
where syslog messages are available through journalctl.
Also, what Linux distro and version of psad are you running? (Use "psad
-V" to get the version.)
Post by Shlomit Afgin
…
Whois data not available!
Is the source IP actually blank in the psad email? That would be strange.
There were some fixes in psad-2.2.4 for whois data processing.
Thanks,
--Mike
Post by Shlomit Afgin
I cannot know from which machine it is coming.
What is the server missing that I'm not getting 'syslog hostname'
and 'whois information'?
Thanks.
--
Michael Rash | Founder
http://www.cipherdyne.org/
Key fingerprint = 53EA 13EA 472E 3771 894F AC69 95D8 5D6B A742 839F
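
An added illustration, not part of the original thread and not psad's own code: a small Python check that pulls the hostname out of iptables log lines in the traditional syslog layout and falls back to "unknown" when the header does not match, which helps show which log format a machine is actually writing. The regexes, function names and sample lines are assumptions constructed for this example.

```python
import re

# Assumed traditional syslog header: "Mon DD HH:MM:SS host kernel: msg".
SYSLOG_RE = re.compile(
    r"^[A-Z][a-z]{2}\s+\d{1,2}\s\d{2}:\d{2}:\d{2}\s+(?P<host>\S+)\s+kernel:\s"
)
# Fields written by the iptables LOG target that we want to keep.
FIELD_RE = re.compile(r"\b(IN|OUT|SRC|DST|PROTO|SPT|DPT)=(\S*)")

# Constructed sample lines (documentation IP ranges), three header layouts.
SAMPLE = [
    "Mar  3 10:15:02 fw01 kernel: [123.456] DROP IN=eth0 OUT= "
    "SRC=198.51.100.7 DST=192.0.2.10 LEN=60 TTL=52 PROTO=TCP SPT=51514 DPT=22",
    "2015-03-03T10:15:02.123456+00:00 fw01 kernel: DROP IN=eth0 OUT= "
    "SRC=198.51.100.8 DST=192.0.2.10 LEN=60 TTL=52 PROTO=TCP SPT=40000 DPT=23",
    "[123.789] DROP IN=eth0 OUT= SRC=198.51.100.9 DST=192.0.2.10 "
    "LEN=60 TTL=52 PROTO=UDP SPT=5353 DPT=53",
    "Mar  3 10:15:03 fw01 CRON[100]: session opened for user root",
]


def parse_iptables_line(line):
    """Return the packet fields plus 'host', or None for non-iptables lines."""
    if "OUT=" not in line or "SRC=" not in line:
        return None
    fields = dict(FIELD_RE.findall(line))
    header = SYSLOG_RE.match(line)
    # Same fallback idea as in the thread: no recognisable header -> "unknown".
    fields["host"] = header.group("host") if header else "unknown"
    return fields


def hosts_seen(lines):
    """Count iptables log lines per extracted hostname."""
    counts = {}
    for line in lines:
        rec = parse_iptables_line(line)
        if rec is not None:
            counts[rec["host"]] = counts.get(rec["host"], 0) + 1
    return counts


if __name__ == "__main__":
    for host, n in sorted(hosts_seen(SAMPLE).items()):
        print(f"{host}: {n} iptables line(s)")
```

Feeding it the output of the grep suggested above shows at a glance whether the lines on a given machine carry a hostname in the position this pattern expects.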