On Tue, Jan 17, 2012 at 6:12 AM, edson <[email protected]> wrote:
> I am receiving this message from ossec a lot of times:
>
> OSSEC HIDS Notification.
> 2012 Jan 17 08:29:48
>
> Received From: SR430->/var/log/syslog
> Rule: 1002 fired (level 2) -> "Unknown problem somewhere in the system."
> Portion of the log(s):
>
> Jan 17 08:29:48 SR430 ata_id[8424]: HDIO_GET_IDENTITY failed for '/dev/sdb':
> Invalid argument
>
> --END OF NOTIFICATION
>
> I don't know how to solve or stop this alarm. I tried to find out this error
> on the net, but the answers don't show anything valuable. The HD /dev/sdb
> is working correctly, both in Linux and Windows. I checked the file system
> (NTFS partition - 1 TB) and nothing wrong is found. This HD is mounted on a
> USB Box, it is a backup HD. Thanks for any help.

Based on a quick Google search I'd say your log message is pretty worthless (although you might want to track it down). So write a rule to ignore the message.
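
A rule of the kind suggested above could look like the following. This is an added example, not part of the original thread or of the OSSEC distribution; the rule id 100100, the group name and the description text are assumptions, and the rule is meant for the local rules file (typically /var/ossec/rules/local_rules.xml).

```xml
<!-- Added example: local OSSEC rule to silence one specific message. -->
<!-- Rule id 100100 is an assumed value from the range reserved for  -->
<!-- user-defined rules (100000 and up); pick one not already used.  -->
<group name="local,syslog,">
  <rule id="100100" level="0">
    <!-- Only consider events that already matched the generic        -->
    <!-- rule 1002 ("Unknown problem somewhere in the system.").      -->
    <if_sid>1002</if_sid>
    <!-- Restrict to the program that logged the line in the alert,   -->
    <!-- so other processes that trigger rule 1002 still alert.       -->
    <program_name>ata_id</program_name>
    <!-- Match the fixed part of the message rather than the device   -->
    <!-- name, which can change when the USB disk is re-attached.     -->
    <match>HDIO_GET_IDENTITY failed for</match>
    <description>Ignore ata_id HDIO_GET_IDENTITY failures (USB backup disk).</description>
  </rule>
</group>
```

Level 0 tells OSSEC to drop the event without alerting. Pasting the log line from the notification into /var/ossec/bin/ossec-logtest shows whether the new rule matches before the manager is restarted.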
