-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 You may want to take a look at this: http://www.ossec.net/wiki/index.php/Know_How:Ignore_Rules and add something like this to your local_rules.xml file: <rule id="100100" level="0"> <if_sid>1002</if_sid> <program_name>ntop</program_name> <match>illegal attempt to update</match> <description>This is a non-issue</description> </rule> After you restart ossec, that should stop those emails. I hope that helps, - -David
Gareth Slaven wrote: > Hi there … > > > > We are getting hundreds of this email a day and I have no idea how to > stop it or fix what’s wrong because ntop is running fine can something > help me understand what the problem is and how to fix it ? btw I xx ed > out the ip addresses …// > > > > Many thanks > > > > > > OSSEC HIDS Notification. > > 2007 Nov 08 12:00:46 > > > > Received From: neo->/var/log/messages > > Rule: 1002 fired (level 7) -> "Unknown problem somewhere in the system." > > Portion of the log(s): > > > > Nov 8 12:00:45 neo ntop[11016]: **WARNING** RRD: > rrd_update(/usr/local/var/ntop/rrd/interfaces/eth0/matrix/196.35.xx.xxx/196.35.xx.xxx/pkts.rrd) > error: illegal attempt to update using time 1194516045 when last update > time is 1194516045 (minimum one second step) > > > > > > > > --END OF NOTIFICATION > > > > > > > > > > > > > > > > Regards > > **Gareth Slaven ([EMAIL PROTECTED] > <mailto:[EMAIL PROTECTED]>**)*** > ENSIGHT | Digital Innovation > Website: http://www.ensight.co.uk > __________________________________________ > > This is a confidential message for the named person's use only. It may > contain confidential, proprietary or legally privileged information. > If you receive this message in error please notify the sender and > immediately delete the message. You must not, directly or indirectly, > use, disclose, distribute, print or copy any part of this message if you > are not the intended recipient. All views expressed in this message > are those of the individual sender and do not necessarily reflect those > of ENVENT Holdings (Pty) Ltd. > > > - -- _______________________________________________ GPG (http://www.gnupg.org/) key available from: http://www.kayakero.net/per/david/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.6 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org iD8DBQFHM1DNCzuSgviBh00RAuiLAJ0SyUPkaGEB9qN5uWbIvtABcgeFmACgg70W Z0Xry+EPWY0N1mz5vbQuAWU= =9NHp -----END PGP SIGNATURE-----
