search

ossec / ossec-hids

OSSEC is an Open Source Host-based Intrusion Detection System that performs log analysis, file integrity checking, policy monitoring, rootkit detection, real-time alerting and active response.
http://www.ossec.net
Other
4.42k stars 1.03k forks source link

Make system_name available for CDB list matching #628

Open labrown opened 9 years ago

labrown commented 9 years ago

I have a use case where I need to be able to do a CDB list lookup based on the 'system_name' decoded from Windows server logs, but that is not an available variable for CDB lists.

jrossi commented 9 years ago

https://github.com/ossec/ossec-hids/blob/master/src/analysisd/analysisd.c#L1365 https://github.com/ossec/ossec-hids/blob/master/src/analysisd/analysisd.c#L1373 https://github.com/ossec/ossec-hids/blob/eb69de7918e33ae7d806a5a14c7d5ca2f0947ad5/src/analysisd/decoders/decoder.c#L382 https://github.com/ossec/ossec-hids/blob/eb69de7918e33ae7d806a5a14c7d5ca2f0947ad5/src/analysisd/rules.h#L52

would be the starting point of adding this. No logic changes would be needed. If you run into problems I would be happy to help.