I thank you, dan (ddp) and SuilAmhain ([email protected]), for your
answers. In my research on the net, I discovered that this seems to be a
fault in a particular kernel version. I got this error only in Ubuntu
(11.10 - that I use on my notebook); in other distributions, I don't
receive the same message. I was looking for a way to deactivate this
behavior by doing one of two things: one, patching the kernel; another,
writing a rule in ossec to get rid of this message.
In the Ubuntu community, people say that this error will be corrected in
new versions of the kernel.
So, again, thank you very much.
On 17-01-2012 22:06, dan (ddp) wrote:
On Tue, Jan 17, 2012 at 6:12 AM, edson<[email protected]> wrote:
I am receiving this message from ossec a lot of times:
OSSEC HIDS Notification.
2012 Jan 17 08:29:48
Received From: SR430->/var/log/syslog
Rule: 1002 fired (level 2) -> "Unknown problem somewhere in the system."
Portion of the log(s):
Jan 17 08:29:48 SR430 ata_id[8424]: HDIO_GET_IDENTITY failed for '/dev/sdb': Invalid argument
--END OF NOTIFICATION
I don't know how to solve or stop this alarm. I tried to find this error
on the net, but the answers don't show anything valuable. The HD /dev/sdb
is working correctly, both in Linux and Windows. I checked the file system
(NTFS partition - 1 TB) and nothing wrong was found. This HD is mounted in a
USB Box; it is a backup HD. Thanks for any help.
Based on a quick google search I'd say your log message is pretty
worthless (although you might want to track it down). So write a rule
to ignore the message.
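
One way to write the ignore rule suggested above, as an added example that is not from the original thread or the OSSEC project: a child of rule 1002 placed in local_rules.xml, scoped to the ata_id program and this exact message so that other rule 1002 matches still alert. The rule ID 100100 and the group name are assumptions; any unused ID in the local range works.

```xml
<!-- local_rules.xml: added example, not part of the original thread -->
<group name="local,syslog,">
  <!-- ID 100100 is an arbitrary choice (assumption); use any free local ID -->
  <rule id="100100" level="0">
    <!-- Only evaluated after rule 1002 ("Unknown problem somewhere in the system.") matches -->
    <if_sid>1002</if_sid>
    <!-- Restrict to the udev helper named in the log line -->
    <program_name>ata_id</program_name>
    <!-- Restrict to this specific message, not every ata_id failure -->
    <match>HDIO_GET_IDENTITY failed for</match>
    <description>Ignore ata_id HDIO_GET_IDENTITY failures.</description>
  </rule>
</group>
```

Pasting the log line from the notification into /var/ossec/bin/ossec-logtest shows whether the new rule matches at level 0 instead of rule 1002; OSSEC must be restarted for the rule to take effect.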