Hello to all. A few weeks ago I mentioned that I'd upgraded to O-H-0.9-2 (now at O-H-0.9-3). Since then, I've been getting the following alerts from my mail server:
OSSEC HIDS Notification. 2006 Sep 27 15:32:22 Received From: (plymouth) 192.168.1.2->/var/log/messages Rule: 40101 fired (level 12) -> "System user sucessfully logged on the system." Portion of the log(s): su(pam_unix)[8027]: session opened for user nobody by (uid=0) --END OF NOTIFICATION Hope noone minds, but I didn't get a reply to my original post, and thought I'd ask again - How would I filter out that specific alert? I'd greatly appreciate your help. Thanks. Dimitri -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.
