This isn't an OSSEC error. What you got is ntop syslogging a message and OSSEC doesn't recognize it. Hence the 'Rule: 1002 fired (level 7) -> "Unknown problem somewhere in the system."'
You have two options:

1) fix the root of the problem with ntop
2) write a local rule in OSSEC to handle this message differently (such as ignore it)

--S

On 11/8/07 2:31 AM, "Gareth Slaven" <[EMAIL PROTECTED]> wrote:

> Hi there ...
>
> We are getting hundreds of this email a day and I have no idea how to stop
> it or fix what's wrong because ntop is running fine can something help me
> understand what the problem is and how to fix it ? btw I xx ed out the ip
> addresses ...
>
> Many thanks
>
> OSSEC HIDS Notification.
> 2007 Nov 08 12:00:46
>
> Received From: neo->/var/log/messages
> Rule: 1002 fired (level 7) -> "Unknown problem somewhere in the system."
> Portion of the log(s):
>
> Nov 8 12:00:45 neo ntop[11016]: **WARNING** RRD: rrd_update(/usr/local/var/ntop/rrd/interfaces/eth0/matrix/196.35.xx.xxx/196.35.xx.xxx/pkts.rrd) error: illegal attempt to update using time 1194516045 when last update time is 1194516045 (minimum one second step)
>
> --END OF NOTIFICATION
>
> Regards
>
> Gareth Slaven ([EMAIL PROTECTED])
> ENSIGHT | Digital Innovation
> Website: http://www.ensight.co.uk
> __________________________________________
>
> This is a confidential message for the named person's use only. It may
> contain confidential, proprietary or legally privileged information.
> If you receive this message in error please notify the sender and
> immediately delete the message. You must not, directly or indirectly,
> use, disclose, distribute, print or copy any part of this message if you are
> not the intended recipient. All views expressed in this message
> are those of the individual sender and do not necessarily reflect those of
> ENVENT Holdings (Pty) Ltd.
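
A sketch of the second option from the reply, added here as an example and not part of the original thread or of the OSSEC project's shipped rules. The rule id 100100 and the default install path /var/ossec are assumptions; the rule is deliberately scoped to this one ntop RRD warning so that other ntop messages still reach rule 1002.

```xml
<!-- Added example: place in /var/ossec/rules/local_rules.xml (default install path assumed). -->
<group name="local,syslog,">

  <!-- Child of rule 1002 ("Unknown problem somewhere in the system").
       id 100100 is an arbitrary choice from the range reserved for
       local rules (100000 and up). level 0 means: match, but never alert. -->
  <rule id="100100" level="0">
    <if_sid>1002</if_sid>

    <!-- Only messages logged by ntop, e.g. "neo ntop[11016]: ..." -->
    <program_name>^ntop</program_name>

    <!-- Only the same-second RRD update warning quoted in the notification;
         any other ntop WARNING or error continues to alert as before. -->
    <match>illegal attempt to update using time</match>

    <description>ntop RRD update attempted within the same second (ignored).</description>
  </rule>

</group>
```

Pasting the quoted log line into /var/ossec/bin/ossec-logtest shows which rule it now matches; the new rule takes effect after OSSEC is restarted.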