On Thu, Oct 10, 2019 at 9:24 AM Prashanthi Soundarajan
<prashanthid...@gmail.com> wrote:
>
>
> Yes, I able see the alerts which I mentioned (" Level 2 - Unknown problem
> somewhere in the system","Level 8 - Log file size reduced","Level 7 -
> Integrity checksum changed."," Level 13 - Non standard syslog message") in
> /var/ossec/logs/alerts/alerts.log
>
> ____Sample:_____
>
> ** Alert 1570713203.436414: mail - syslog,errors,
> 2019 Oct 10 13:13:23 fc-app-7->/var/log/nginx/error.log
> Rule: 1002 (level 2) -> 'Unknown problem somewhere in the system.'
> App 1663 stderr:
> /data/helpkit/shared/bundler_gems/ruby/2.2.0/gems/rest-client-1.8.0/lib/restclient/request.rb:387:in
> `transmit' : This dangerous monkey patch leaves you open to MITM attacks!
> (StandardWarning)
>
> ** Alert 1570713205.436799: mail - syslog,errors,
> 2019 Oct 10 13:13:25 fc-app-7->/var/log/nginx/error.log
> Rule: 1002 (level 2) -> 'Unknown problem somewhere in the system.'
> App 1663 stderr:
> /data/helpkit/shared/bundler_gems/ruby/2.2.0/gems/rest-client-1.8.0/lib/restclient/request.rb:387:in
> `transmit' : This dangerous monkey patch leaves you open to MITM attacks!
> (StandardWarning)
>
> ** Alert 1570713207.437184: mail - syslog,errors,
> 2019 Oct 10 13:13:27 fc-app-7->/var/log/nginx/error.log
> Rule: 1002 (level 2) -> 'Unknown problem somewhere in the system.'
> App 1663 stderr:
> /data/helpkit/shared/bundler_gems/ruby/2.2.0/gems/rest-client-1.8.0/lib/restclient/request.rb:387:in
> `transmit' : This dangerous monkey patch leaves you open to MITM attacks!
> (StandardWarning)
All the samples are from the alerts you say you are getting emails
for. The important alerts to look for are the ones you're not getting
emails for.
Assuming those exist in the alerts.log file, check your smtp server's
mail logs. Perhaps it's discarding the messages or they aren't getting
transferred properly?
>>
>> > You received this message because you are subscribed to the Google Groups
>> > "ossec-list" group.
>> > To unsubscribe from this group and stop receiving emails from it, send an
>> > email to ossec...@googlegroups.com.
>> > To view this discussion on the web visit
>> > https://groups.google.com/d/msgid/ossec-list/22dc0593-8252-4bc6-b19c-61a67db7e522%40googlegroups.com.
>
> --
>
> ---
> You received this message because you are subscribed to the Google Groups
> "ossec-list" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ossec-list+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ossec-list/9fc6a473-a9ac-4aa3-ac09-48162be0064e%40googlegroups.com.
--
---
You received this message because you are subscribed to the Google Groups
"ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to ossec-list+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/ossec-list/CAMyQvMobR33Vn0aDbdCYsq4Liuo1-pYtSKr7nAZbtM25Cda67Q%40mail.gmail.com.
