Re: [ossec-list] "Web server 500 error code (Internal Error)."
Thank for your help and i agree, seems appropriated for another forum. ill look into it. On Monday, January 27, 2014 6:21:30 PM UTC-6, Saul Alanis wrote: > > Here are a list of HTTP status codes you can use as reference: > > https://support.google.com/webmasters/answer/40132?hl=en > > This is completely unrelated question to OSSEC in my opinion and doesn't > belong on this mailing list. > > > On Mon, Jan 27, 2014 at 2:24 PM, dan (ddp) > > wrote: > >> On Mon, Jan 27, 2014 at 3:20 PM, Ian Martinez >> > >> wrote: >> > Is it something i can fix or just let it go? >> > >> >> That's not a question I can answer. You could find out why the client >> is trying to post to that site, or check the log files to try and find >> out why it's failing. >> >> > >> > On Monday, January 27, 2014 1:05:49 PM UTC-6, dan (ddpbsd) wrote: >> >> >> >> On Mon, Jan 27, 2014 at 1:59 PM, Ian Martinez >> wrote: >> >> > Hello, >> >> > >> >> > I'm having a Notification that keeps popping up : >> >> > >> >> > >> >> > OSSEC HIDS Notification. >> >> > 2014 Jan 27 12:35:59 >> >> > >> >> > Received From: (xibo) 192.168.0.126->/var/log/httpd/access_log >> >> > Rule: 31122 fired (level 5) -> "Web server 500 error code (Internal >> >> > Error)." >> >> > Portion of the log(s): >> >> > >> >> > 192.168.56.13 - - [27/Jan/2014:12:35:51 +] "POST /xibo/xmds.php >> >> > HTTP/1.1" 500 293 "-" "Mozilla/4.0 (compatible; MSIE 6.0; MS Web >> >> > Services >> >> > Client Protocol 2.0.50727.3649)" >> >> > >> >> > Any idea what can it be? i get it every 5-10 mins >> >> > >> >> > thank you in advance >> >> > >> >> >> >> Someone is trying a POST attempt against /xibo/xmds.php on >> >> 192.168.66.13, and it's causing an error. >> >> >> >> > -- >> >> > >> >> > --- >> >> > You received this message because you are subscribed to the Google >> >> > Groups >> >> > "ossec-list" group. >> >> > To unsubscribe from this group and stop receiving emails from it, >> send >> >> > an >> >> > email to ossec-list+...@googlegroups.com. >> >> > For more options, visit https://groups.google.com/groups/opt_out. >> > >> > -- >> > >> > --- >> > You received this message because you are subscribed to the Google >> Groups >> > "ossec-list" group. >> > To unsubscribe from this group and stop receiving emails from it, send >> an >> > email to ossec-list+...@googlegroups.com . >> > For more options, visit https://groups.google.com/groups/opt_out. >> >> -- >> >> --- >> You received this message because you are subscribed to the Google Groups >> "ossec-list" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to ossec-list+...@googlegroups.com . >> For more options, visit https://groups.google.com/groups/opt_out. >> > > -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
Re: [ossec-list] "Web server 500 error code (Internal Error)."
Is it something i can fix or just let it go? On Monday, January 27, 2014 1:05:49 PM UTC-6, dan (ddpbsd) wrote: > > On Mon, Jan 27, 2014 at 1:59 PM, Ian Martinez > > > wrote: > > Hello, > > > > I'm having a Notification that keeps popping up : > > > > > > OSSEC HIDS Notification. > > 2014 Jan 27 12:35:59 > > > > Received From: (xibo) 192.168.0.126->/var/log/httpd/access_log > > Rule: 31122 fired (level 5) -> "Web server 500 error code (Internal > Error)." > > Portion of the log(s): > > > > 192.168.56.13 - - [27/Jan/2014:12:35:51 +] "POST /xibo/xmds.php > > HTTP/1.1" 500 293 "-" "Mozilla/4.0 (compatible; MSIE 6.0; MS Web > Services > > Client Protocol 2.0.50727.3649)" > > > > Any idea what can it be? i get it every 5-10 mins > > > > thank you in advance > > > > Someone is trying a POST attempt against /xibo/xmds.php on > 192.168.66.13, and it's causing an error. > > > -- > > > > --- > > You received this message because you are subscribed to the Google > Groups > > "ossec-list" group. > > To unsubscribe from this group and stop receiving emails from it, send > an > > email to ossec-list+...@googlegroups.com . > > For more options, visit https://groups.google.com/groups/opt_out. > -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
[ossec-list] "Web server 500 error code (Internal Error)."
Hello, I'm having a Notification that keeps popping up : OSSEC HIDS Notification. 2014 Jan 27 12:35:59 Received From: (xibo) 192.168.0.126->/var/log/httpd/access_log Rule: 31122 fired (level 5) -> "Web server 500 error code (Internal Error)." Portion of the log(s): 192.168.56.13 - - [27/Jan/2014:12:35:51 +] "POST /xibo/xmds.php HTTP/1.1" 500 293 "-" "Mozilla/4.0 (compatible; MSIE 6.0; MS Web Services Client Protocol 2.0.50727.3649)" Any idea what can it be? i get it every 5-10 mins thank you in advance -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
Re: [ossec-list] Error with OSSEC-analysisd
Looks liked it work! Deleted the file and no longer shows the error. ill keep a close watch on it though. Thank you for your time. On Thursday, January 23, 2014 10:19:20 AM UTC-6, dan (ddpbsd) wrote: > > On Thu, Jan 23, 2014 at 11:18 AM, dan (ddp) > > wrote: > > On Thu, Jan 23, 2014 at 11:10 AM, Ian Martinez > > > > wrote: > >> apparently the file exists on /var/ossec/queue/diff/websec/535 > >> > > > > Yep, that makes sense. ossec-analysisd chroots itself (by default to > > /var/ossec), so those paths are basically the same. > > > >> -rw-r-. 1 ossec ossec 0 Jan 18 13:52 last-entry > >> > > > > I don't have anything to check this against off hand. Reconfiguring > > syscheck now > > > > I meant to add that I would try shutting down OSSEC, deleting that > file, and starting OSSEC back up. > > >> looks empty > >> > >> > >> On Thursday, January 23, 2014 10:04:52 AM UTC-6, dan (ddpbsd) wrote: > >>> > >>> On Thu, Jan 23, 2014 at 11:01 AM, Ian Martinez > >>> wrote: > >>> > i keep getting ossec-analysisd: ERROR: read error on > >>> > /queue/diff/websec/535/last-entry on my /var/ossec/logs/ossec.log > >>> > > >>> > >>> Does the file exist? Is there content? What are the owner/group and > >>> permissions? > >>> > >>> > any idea why or how to fix the error? > >>> > > >>> > im on CentOS release 6.5 (Final). > >>> > > >>> > thanks in advance > >>> > > >>> > -- > >>> > > >>> > --- > >>> > You received this message because you are subscribed to the Google > >>> > Groups > >>> > "ossec-list" group. > >>> > To unsubscribe from this group and stop receiving emails from it, > send > >>> > an > >>> > email to ossec-list+...@googlegroups.com. > >>> > For more options, visit https://groups.google.com/groups/opt_out. > >> > >> -- > >> > >> --- > >> You received this message because you are subscribed to the Google > Groups > >> "ossec-list" group. > >> To unsubscribe from this group and stop receiving emails from it, send > an > >> email to ossec-list+...@googlegroups.com . > >> For more options, visit https://groups.google.com/groups/opt_out. > -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
Re: [ossec-list] Error with OSSEC-analysisd
apparently the file exists on */var/ossec/queue/diff/websec/535* *-rw-r-. 1 ossec ossec 0 Jan 18 13:52 last-entry* looks empty On Thursday, January 23, 2014 10:04:52 AM UTC-6, dan (ddpbsd) wrote: > > On Thu, Jan 23, 2014 at 11:01 AM, Ian Martinez > > > wrote: > > i keep getting ossec-analysisd: ERROR: read error on > > /queue/diff/websec/535/last-entry on my /var/ossec/logs/ossec.log > > > > Does the file exist? Is there content? What are the owner/group and > permissions? > > > any idea why or how to fix the error? > > > > im on CentOS release 6.5 (Final). > > > > thanks in advance > > > > -- > > > > --- > > You received this message because you are subscribed to the Google > Groups > > "ossec-list" group. > > To unsubscribe from this group and stop receiving emails from it, send > an > > email to ossec-list+...@googlegroups.com . > > For more options, visit https://groups.google.com/groups/opt_out. > -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
[ossec-list] Error with OSSEC-analysisd
i keep getting *ossec-analysisd: ERROR: read error on /queue/diff/websec/535/last-entry *on my */var/ossec/logs/ossec.log* any idea why or how to fix the error? im on CentOS release 6.5 (Final). thanks in advance -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
[ossec-list] Ossec-maild failed to start
I recently got this error starting my ossec server # /var/ossec/bin/ossec-control start Starting OSSEC HIDS v2.7.1 (by Trend Micro Inc.)... Started ossec-agentlessd... ossec-maild did not start correctly. This is what i get from /var/ossec/logs/ossec.log ossec-maild(2301): ERROR: Definition not found for: 'maild.geoip'. Any ideas how to fix it or what is causing the problem? Is there any idea i can reconfigure ossec server without losing my agents? Thank you in advance. -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
Re: [ossec-list] Ossec-maild Failed to start
Thank you ill try that On Friday, January 17, 2014 2:27:27 PM UTC-6, dan (ddpbsd) wrote: > > On Fri, Jan 17, 2014 at 3:24 PM, Ian Martinez > > > wrote: > > Hello > > > > Recently i keep getting when i try to start ossec-control start > > > > Starting OSSEC HIDS v2.7.1 (by Trend Micro Inc.)... > > Started ossec-agentlessd... > > ossec-maild did not start correctly. > > > > This is what i get from the log: > > > > ossec-maild: DEBUG: Starting ... > > ssec-maild(2301): ERROR: Definition not found for: 'maild.geoip'. > > > > Any idea what can it be? Is there a way reconfigure ossec server without > > losing all my agents? > > > > It looks like you don't have the geoip stuff compiled in. Remove the > geoip stuff from the configuration or recompile with geoip support and > you should be good to go. > > > thanks in advance > > > > -- > > > > --- > > You received this message because you are subscribed to the Google > Groups > > "ossec-list" group. > > To unsubscribe from this group and stop receiving emails from it, send > an > > email to ossec-list+...@googlegroups.com . > > For more options, visit https://groups.google.com/groups/opt_out. > -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
[ossec-list] Ossec-maild Failed to start
Hello Recently i keep getting when i try to start ossec-control start *Starting OSSEC HIDS v2.7.1 (by Trend Micro Inc.)...* *Started ossec-agentlessd...* *ossec-maild did not start correctly.* This is what i get from the log: *ossec-maild: DEBUG: Starting ...* *ssec-maild(2301): ERROR: Definition not found for: 'maild.geoip'.* Any idea what can it be? Is there a way reconfigure ossec server without losing all my agents? thanks in advance -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.