What do you have so far?

echo 'Feb 8 19:15:49 servername kernel: program[26416] general protection ip:3d2007f754 sp:7fff8c54be88 error:0 in libc-2.12.so[3d20000000+175000]' | /var/ossec/bin/ossec-logtest

On Tue, Feb 8, 2011 at 8:28 PM, upen <upendra.gan...@gmail.com> wrote:
>
> OSSEC HIDS Notification.
> 2011 Feb 08 19:15:51
>
> Received From: servername->/var/log/messages
> Rule: 1002 fired (level 2) -> "Unknown problem somewhere in the
> system."
> Portion of the log(s):
>
> Feb 8 19:15:49 servername kernel: program[26416] general protection
> ip:3d2007f754 sp:7fff8c54be88 error:0 in
> libc-2.12.so[3d20000000+175000]
>
>
> what should I add in to local_rules ?