On Wed, Aug 3, 2016 at 9:07 AM, Herman Harperink
<
herman.h...@gmail.com> wrote:
> Hi Dan,
>
> When my phone / pc /ipad collects email I get an "dovecot authentication
> success" event. I could ignore this event by downrating it to zero in
> local_rules so it won't be logged, but I want to see all succesful
> authentications on my mailserver from hosts that are not my own (since I am
> the only one using it). Same goes for ftp, ssh etc
> In case someone hacks my server, or steals my credentials that would light
> up on my dash.
>
> My home internet connection has a dynamic ip, but by using a dyndns provider
> (duckdns) I have a static own domainname. However, ossec lookups always
> return the dynamic hostname my provider gave me, and never my dyndns
> hostname since they don't update dns records (no authority).
> If I lookup my dyndns hostname on my ossec manager I get my ip. But if I
> lookup my ip I get my providers hostname wich is not static.
>
> So: connection from xxx.xxx.xxx.xxx resolves to dip-t-somewhat-hostname
> (within ossec). I am looking for a way to let ossec check if ip
> xxx.xxx.xxx.xxx is my
myhost.duckdns.org hostname, and if it is, ignore the
> event.
>