This is /var/ossec/logs/archives/archives.log

2014 May 17 12:07:07 mysystem->/var/log/syslog May 17 12:07:06 mysystem kernel: [62044.989418] usb 2-1.6: new high-speed USB device number 5 using ehci_hcd
2014 May 17 12:07:07 mysystem->/var/log/syslog May 17 12:07:07 mysystem mtp-probe: checking bus 2, device 5: "/sys/devices/pci0000:00/0000:00:1d.0/usb2/2-1/2-1.6"
2014 May 17 12:07:07 mysystem->/var/log/syslog May 17 12:07:07 mysystem mtp-probe: bus: 2, device: 5 was not an MTP device
2014 May 17 12:07:07 mysystem->/var/log/syslog May 17 12:07:07 mysystem kernel: [62045.157639] scsi6 : usb-storage 2-1.6:1.0
2014 May 17 12:07:09 mysystem->/var/log/syslog May 17 12:07:08 mysystem kernel: [62046.156106] scsi 6:0:0:0: Direct-Access JetFlash Transcend 8GB 8.07 PQ: 0 ANSI: 2
2014 May 17 12:07:09 mysystem->/var/log/syslog May 17 12:07:08 mysystem kernel: [62046.156545] sd 6:0:0:0: Attached scsi generic sg2 type 0
2014 May 17 12:07:09 mysystem->/var/log/syslog May 17 12:07:08 mysystem kernel: [62046.157666] sd 6:0:0:0: [sdb] 15687680 512-byte logical blocks: (8.03 GB/7.48 GiB)
2014 May 17 12:07:09 mysystem->/var/log/syslog May 17 12:07:08 mysystem kernel: [62046.158288] sd 6:0:0:0: [sdb] Write Protect is off
2014 May 17 12:07:09 mysystem->/var/log/syslog May 17 12:07:08 mysystem kernel: [62046.158299] sd 6:0:0:0: [sdb] Mode Sense: 03 00 00 00
2014 May 17 12:07:09 mysystem->/var/log/syslog May 17 12:07:08 mysystem kernel: [62046.158890] sd 6:0:0:0: [sdb] No Caching mode page found
2014 May 17 12:07:09 mysystem->/var/log/syslog May 17 12:07:08 mysystem kernel: [62046.158904] sd 6:0:0:0: [sdb] Assuming drive cache: write through
2014 May 17 12:07:09 mysystem->/var/log/syslog May 17 12:07:08 mysystem kernel: [62046.161903] sd 6:0:0:0: [sdb] No Caching mode page found
2014 May 17 12:07:09 mysystem->/var/log/syslog May 17 12:07:08 mysystem kernel: [62046.161906] sd 6:0:0:0: [sdb] Assuming drive cache: write through
2014 May 17 12:07:09 mysystem->/var/log/syslog May 17 12:07:08 mysystem kernel: [62046.696257] sdb: sdb1
2014 May 17 12:07:09 mysystem->/var/log/syslog May 17 12:07:08 mysystem kernel: [62046.698841] sd 6:0:0:0: [sdb] No Caching mode page found
2014 May 17 12:07:09 mysystem->/var/log/syslog May 17 12:07:08 mysystem kernel: [62046.698843] sd 6:0:0:0: [sdb] Assuming drive cache: write through
2014 May 17 12:07:09 mysystem->/var/log/syslog May 17 12:07:08 mysystem kernel: [62046.698845] sd 6:0:0:0: [sdb] Attached SCSI removable disk

On Saturday, May 17, 2014 1:50:21 AM UTC+5:30, dan (ddpbsd) wrote:
>
> On May 16, 2014 4:19 PM, "Ashok" <ashokku...@gmail.com> wrote:
> >
> > Yes I did
> >
>
> Can you provide a log sample?
>
> > On Saturday, May 17, 2014 12:55:45 AM UTC+5:30, Ashok wrote:
> >>
> >> I tried to overwrite the predefined external storage detection code by including the following in local_rules.xml
> >>
> >> <rule id="532" level="0" overwrite="yes">
> >>   <if_sid>531</if_sid>
> >>   <match>cdrom|/media|usb|/mount|floppy|dvd</match>
> >>   <description>Detected external medias.</description>
> >> </rule>
> >>
> >> But it's not detecting usb storage..

--
You received this message because you are subscribed to the Google Groups "ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
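
An added example, not part of the original thread and not OSSEC code: a Python script that reads lines in the archives.log layout of the sample above and reports each USB mass-storage attach by correlating the kernel's `usb-storage` host line with the later `Attached SCSI removable disk` line for the same SCSI host. The sample lines are copied from the log in this message plus one constructed non-USB line; the function name and output field names are assumptions.

```python
import re

# Four lines copied from the log sample in this message, plus one constructed
# line (the last) for a fixed disk that must not be reported.
SAMPLE = """\
2014 May 17 12:07:07 mysystem->/var/log/syslog May 17 12:07:07 mysystem kernel: [62045.157639] scsi6 : usb-storage 2-1.6:1.0
2014 May 17 12:07:09 mysystem->/var/log/syslog May 17 12:07:08 mysystem kernel: [62046.156106] scsi 6:0:0:0: Direct-Access JetFlash Transcend 8GB 8.07 PQ: 0 ANSI: 2
2014 May 17 12:07:09 mysystem->/var/log/syslog May 17 12:07:08 mysystem kernel: [62046.158288] sd 6:0:0:0: [sdb] Write Protect is off
2014 May 17 12:07:09 mysystem->/var/log/syslog May 17 12:07:08 mysystem kernel: [62046.698845] sd 6:0:0:0: [sdb] Attached SCSI removable disk
2014 May 17 12:07:10 mysystem->/var/log/syslog May 17 12:07:10 mysystem kernel: [62047.000000] sd 0:0:0:0: [sda] Attached SCSI disk
"""

# archives.log layout: "<YYYY Mon DD HH:MM:SS> <agent>-><source file> <syslog line>"
ARCHIVE = re.compile(
    r"^(\d{4} \w{3} +\d+ [\d:]+) (\S+)->(\S+) .*? kernel: \[\s*[\d.]+\] (.*)$")
USB_HOST = re.compile(r"^scsi(\d+) ?: usb-storage (\S+)")
INQUIRY = re.compile(r"^scsi (\d+):\d+:\d+:\d+: Direct-Access\s+(.*?)\s+PQ:")
ATTACHED = re.compile(r"^sd (\d+):\d+:\d+:\d+: \[(\w+)\] Attached SCSI removable disk")


def usb_storage_events(lines):
    """Return one dict per removable disk attached through a usb-storage host."""
    hosts = {}   # (agent, SCSI host number) -> details, only for usb-storage hosts
    events = []
    for line in lines:
        m = ARCHIVE.match(line)
        if not m:
            continue  # not a kernel message in the archives.log layout
        ts, agent, _src, msg = m.groups()
        if (h := USB_HOST.match(msg)):
            hosts[(agent, h.group(1))] = {"usb_port": h.group(2), "model": None}
        elif (i := INQUIRY.match(msg)) and (agent, i.group(1)) in hosts:
            hosts[(agent, i.group(1))]["model"] = " ".join(i.group(2).split())
        elif (a := ATTACHED.match(msg)) and (agent, a.group(1)) in hosts:
            events.append({"time": ts, "agent": agent, "device": a.group(2),
                           **hosts[(agent, a.group(1))]})
    return events


if __name__ == "__main__":
    for event in usb_storage_events(SAMPLE.splitlines()):
        print(event)
```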