[ossec-list] Web server 500 error code (Internal Error).
Hello, I'm having a Notification that keeps popping up : OSSEC HIDS Notification. 2014 Jan 27 12:35:59 Received From: (xibo) 192.168.0.126-/var/log/httpd/access_log Rule: 31122 fired (level 5) - Web server 500 error code (Internal Error). Portion of the log(s): 192.168.56.13 - - [27/Jan/2014:12:35:51 +] POST /xibo/xmds.php HTTP/1.1 500 293 - Mozilla/4.0 (compatible; MSIE 6.0; MS Web Services Client Protocol 2.0.50727.3649) Any idea what can it be? i get it every 5-10 mins thank you in advance -- --- You received this message because you are subscribed to the Google Groups ossec-list group. To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
Re: [ossec-list] Web server 500 error code (Internal Error).
Is it something i can fix or just let it go? On Monday, January 27, 2014 1:05:49 PM UTC-6, dan (ddpbsd) wrote: On Mon, Jan 27, 2014 at 1:59 PM, Ian Martinez ian.ma...@gmail.comjavascript: wrote: Hello, I'm having a Notification that keeps popping up : OSSEC HIDS Notification. 2014 Jan 27 12:35:59 Received From: (xibo) 192.168.0.126-/var/log/httpd/access_log Rule: 31122 fired (level 5) - Web server 500 error code (Internal Error). Portion of the log(s): 192.168.56.13 - - [27/Jan/2014:12:35:51 +] POST /xibo/xmds.php HTTP/1.1 500 293 - Mozilla/4.0 (compatible; MSIE 6.0; MS Web Services Client Protocol 2.0.50727.3649) Any idea what can it be? i get it every 5-10 mins thank you in advance Someone is trying a POST attempt against /xibo/xmds.php on 192.168.66.13, and it's causing an error. -- --- You received this message because you are subscribed to the Google Groups ossec-list group. To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+...@googlegroups.com javascript:. For more options, visit https://groups.google.com/groups/opt_out. -- --- You received this message because you are subscribed to the Google Groups ossec-list group. To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
Re: [ossec-list] Web server 500 error code (Internal Error).
Thank for your help and i agree, seems appropriated for another forum. ill look into it. On Monday, January 27, 2014 6:21:30 PM UTC-6, Saul Alanis wrote: Here are a list of HTTP status codes you can use as reference: https://support.google.com/webmasters/answer/40132?hl=en This is completely unrelated question to OSSEC in my opinion and doesn't belong on this mailing list. On Mon, Jan 27, 2014 at 2:24 PM, dan (ddp) ddp...@gmail.com javascript: wrote: On Mon, Jan 27, 2014 at 3:20 PM, Ian Martinez ian.ma...@gmail.comjavascript: wrote: Is it something i can fix or just let it go? That's not a question I can answer. You could find out why the client is trying to post to that site, or check the log files to try and find out why it's failing. On Monday, January 27, 2014 1:05:49 PM UTC-6, dan (ddpbsd) wrote: On Mon, Jan 27, 2014 at 1:59 PM, Ian Martinez ian.ma...@gmail.com wrote: Hello, I'm having a Notification that keeps popping up : OSSEC HIDS Notification. 2014 Jan 27 12:35:59 Received From: (xibo) 192.168.0.126-/var/log/httpd/access_log Rule: 31122 fired (level 5) - Web server 500 error code (Internal Error). Portion of the log(s): 192.168.56.13 - - [27/Jan/2014:12:35:51 +] POST /xibo/xmds.php HTTP/1.1 500 293 - Mozilla/4.0 (compatible; MSIE 6.0; MS Web Services Client Protocol 2.0.50727.3649) Any idea what can it be? i get it every 5-10 mins thank you in advance Someone is trying a POST attempt against /xibo/xmds.php on 192.168.66.13, and it's causing an error. -- --- You received this message because you are subscribed to the Google Groups ossec-list group. To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+...@googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out. -- --- You received this message because you are subscribed to the Google Groups ossec-list group. To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+...@googlegroups.com javascript:. For more options, visit https://groups.google.com/groups/opt_out. -- --- You received this message because you are subscribed to the Google Groups ossec-list group. To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+...@googlegroups.com javascript:. For more options, visit https://groups.google.com/groups/opt_out. -- --- You received this message because you are subscribed to the Google Groups ossec-list group. To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
[ossec-list] Error with OSSEC-analysisd
i keep getting *ossec-analysisd: ERROR: read error on /queue/diff/websec/535/last-entry *on my */var/ossec/logs/ossec.log* any idea why or how to fix the error? im on CentOS release 6.5 (Final). thanks in advance -- --- You received this message because you are subscribed to the Google Groups ossec-list group. To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
Re: [ossec-list] Error with OSSEC-analysisd
apparently the file exists on */var/ossec/queue/diff/websec/535* *-rw-r-. 1 ossec ossec 0 Jan 18 13:52 last-entry* looks empty On Thursday, January 23, 2014 10:04:52 AM UTC-6, dan (ddpbsd) wrote: On Thu, Jan 23, 2014 at 11:01 AM, Ian Martinez ian.ma...@gmail.comjavascript: wrote: i keep getting ossec-analysisd: ERROR: read error on /queue/diff/websec/535/last-entry on my /var/ossec/logs/ossec.log Does the file exist? Is there content? What are the owner/group and permissions? any idea why or how to fix the error? im on CentOS release 6.5 (Final). thanks in advance -- --- You received this message because you are subscribed to the Google Groups ossec-list group. To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+...@googlegroups.com javascript:. For more options, visit https://groups.google.com/groups/opt_out. -- --- You received this message because you are subscribed to the Google Groups ossec-list group. To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
Re: [ossec-list] Error with OSSEC-analysisd
Looks liked it work! Deleted the file and no longer shows the error. ill keep a close watch on it though. Thank you for your time. On Thursday, January 23, 2014 10:19:20 AM UTC-6, dan (ddpbsd) wrote: On Thu, Jan 23, 2014 at 11:18 AM, dan (ddp) ddp...@gmail.comjavascript: wrote: On Thu, Jan 23, 2014 at 11:10 AM, Ian Martinez ian.ma...@gmail.comjavascript: wrote: apparently the file exists on /var/ossec/queue/diff/websec/535 Yep, that makes sense. ossec-analysisd chroots itself (by default to /var/ossec), so those paths are basically the same. -rw-r-. 1 ossec ossec 0 Jan 18 13:52 last-entry I don't have anything to check this against off hand. Reconfiguring syscheck now I meant to add that I would try shutting down OSSEC, deleting that file, and starting OSSEC back up. looks empty On Thursday, January 23, 2014 10:04:52 AM UTC-6, dan (ddpbsd) wrote: On Thu, Jan 23, 2014 at 11:01 AM, Ian Martinez ian.ma...@gmail.com wrote: i keep getting ossec-analysisd: ERROR: read error on /queue/diff/websec/535/last-entry on my /var/ossec/logs/ossec.log Does the file exist? Is there content? What are the owner/group and permissions? any idea why or how to fix the error? im on CentOS release 6.5 (Final). thanks in advance -- --- You received this message because you are subscribed to the Google Groups ossec-list group. To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+...@googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out. -- --- You received this message because you are subscribed to the Google Groups ossec-list group. To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+...@googlegroups.com javascript:. For more options, visit https://groups.google.com/groups/opt_out. -- --- You received this message because you are subscribed to the Google Groups ossec-list group. To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
[ossec-list] Ossec-maild Failed to start
Hello Recently i keep getting when i try to start ossec-control start *Starting OSSEC HIDS v2.7.1 (by Trend Micro Inc.)...* *Started ossec-agentlessd...* *ossec-maild did not start correctly.* This is what i get from the log: *ossec-maild: DEBUG: Starting ...* *ssec-maild(2301): ERROR: Definition not found for: 'maild.geoip'.* Any idea what can it be? Is there a way reconfigure ossec server without losing all my agents? thanks in advance -- --- You received this message because you are subscribed to the Google Groups ossec-list group. To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
Re: [ossec-list] Ossec-maild Failed to start
Thank you ill try that On Friday, January 17, 2014 2:27:27 PM UTC-6, dan (ddpbsd) wrote: On Fri, Jan 17, 2014 at 3:24 PM, Ian Martinez ian.ma...@gmail.comjavascript: wrote: Hello Recently i keep getting when i try to start ossec-control start Starting OSSEC HIDS v2.7.1 (by Trend Micro Inc.)... Started ossec-agentlessd... ossec-maild did not start correctly. This is what i get from the log: ossec-maild: DEBUG: Starting ... ssec-maild(2301): ERROR: Definition not found for: 'maild.geoip'. Any idea what can it be? Is there a way reconfigure ossec server without losing all my agents? It looks like you don't have the geoip stuff compiled in. Remove the geoip stuff from the configuration or recompile with geoip support and you should be good to go. thanks in advance -- --- You received this message because you are subscribed to the Google Groups ossec-list group. To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+...@googlegroups.com javascript:. For more options, visit https://groups.google.com/groups/opt_out. -- --- You received this message because you are subscribed to the Google Groups ossec-list group. To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
[ossec-list] Ossec-maild failed to start
I recently got this error starting my ossec server # /var/ossec/bin/ossec-control start Starting OSSEC HIDS v2.7.1 (by Trend Micro Inc.)... Started ossec-agentlessd... ossec-maild did not start correctly. This is what i get from /var/ossec/logs/ossec.log ossec-maild(2301): ERROR: Definition not found for: 'maild.geoip'. Any ideas how to fix it or what is causing the problem? Is there any idea i can reconfigure ossec server without losing my agents? Thank you in advance. -- --- You received this message because you are subscribed to the Google Groups ossec-list group. To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.