Diffstat (limited to '')
-rw-r--r-- | source/configuration/input_directives/rsconf1_dropmsgswithmaliciousdnsptrrecords.rst | 22 |
1 files changed, 22 insertions, 0 deletions
diff --git a/source/configuration/input_directives/rsconf1_dropmsgswithmaliciousdnsptrrecords.rst b/source/configuration/input_directives/rsconf1_dropmsgswithmaliciousdnsptrrecords.rst new file mode 100644 index 0000000..81562ef --- /dev/null +++ b/source/configuration/input_directives/rsconf1_dropmsgswithmaliciousdnsptrrecords.rst @@ -0,0 +1,22 @@ +$DropMsgsWithMaliciousDnsPTRRecords +----------------------------------- + +**Type:** global configuration parameter + +**Default:** off + +**Description:** + +Rsyslog contains code to detect malicious DNS PTR records (reverse name +resolution). An attacker might use specially-crafted DNS entries to make +you think that a message might have originated on another IP address. +Rsyslog can detect those cases. It will log an error message in any +case. If this option here is set to "on", the malicious message will be +completely dropped from your logs. If the option is set to "off", the +message will be logged, but the original IP will be used instead of the +DNS name. + +**Sample:** + +``$DropMsgsWithMaliciousDnsPTRRecords on`` + |
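Review bot: In the **Description** paragraph, "make you think that a message might have originated on another IP address" is inconsistent with the rest of the text. The directive concerns PTR records (reverse name resolution), and the "off" case says "the original IP will be used instead of the DNS name", so what a crafted record falsifies is the host name shown in the log, not the address. Suggest "originated from another host". The paragraph also says "Rsyslog can detect those cases" without stating what makes a PTR record count as malicious; one sentence naming the criterion would let an administrator interpret the error message that is logged "in any case". Minor: "If this option here is set" reads better as "If this option is set", and since **Default:** is off, it is worth saying explicitly that the default behaviour is to keep the message and record the IP address.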