This isn't an OSSEC issue, so I'm not sure why you're asking about it here.
Five seconds on Google will show you that it's a problem with a parameter being passed to that disk by hdparm. If you don't want that error to occur, fix it. If you don't want OSSEC to tell you about it, suppress the alert. On Jan 17, 2012, at 5:12 AM, edson wrote: > I am receiving this message from ossec a lot of times: > > OSSEC HIDS Notification. > 2012 Jan 17 08:29:48 > > Received From: SR430->/var/log/syslog > Rule: 1002 fired (level 2) -> "Unknown problem somewhere in the system." > Portion of the log(s): > > Jan 17 08:29:48 SR430 ata_id[8424]: HDIO_GET_IDENTITY failed for '/dev/sdb': > Invalid argument > > > > --END OF NOTIFICATION > > > I don't know how to solve or stop this alarm. I tried to find out this error > on the net, but, the answers don't show anything valueable. The HD /dev/sdb > is working correctly, both in Linux and Windows. I checked the file system > (NTFS partition - 1 TB) and nothing wrong is found. This HD is mounted on a > USB Box, it is a backup HD. Thanks for any help.
