Hello,
Just installed this to update local from 2.7 to 2.9.1 but start failed.
2017/08/29 12:15:30 ossec-testrule: INFO: Reading local decoder file.
2017/08/29 12:15:30 ossec-analysisd: Duplicate rule ID:52000
2017/08/29 12:15:30 ossec-testrule(1220): ERROR: Error loading the rules:
'bro-ids_rul
ssec"
VERSION="v2.7.1"
DATE="Mon Feb 17 16:27:23 CST 2014"
TYPE="local"
Thanks.
Upen
On Jan 21, 11:22 am, "dan (ddp)" wrote:
> On Fri, Jan 20, 2012 at 3:38 PM, upen wrote:
> > Hello,
>
> > I get below alert in the email,
>
> > OSSEC HIDS Notification.
> > 2012 Jan 20 14:34:08
>
> > Received From: myhost->/var/log/mess
Hello,
I get below alert in the email,
OSSEC HIDS Notification.
2012 Jan 20 14:34:08
Received From: myhost->/var/log/messages
Rule: 1002 fired (level 2) -> "Unknown problem somewhere in the
system."
Portion of the log(s):
Jan 20 14:34:06 myhost abrtd: Corrupted or bad dump /var/spool/abrt/
ccpp-
Thanks guys. Well, it is running NFS for sure. Someone in our group
already did that exercise of checking why netstat is lying and so I
just wanted to avoid ossec checking this thing. If it is not easy
to avoid checking, I will go with Satish's way of no_email_alert ;)
Version solaris is 10 an
Hi, I am wondering how to make ossec avoid checking 'netstat' or
at least help me filter these emails. I have made sure netstat isn't an
issue on the system.
Received From: sparc-server>rootcheck
Rule: 100040 fired (level 7) -> "Host-based anomaly detection event
(rootcheck)"
Portion of the log(s)
On Tue, Mar 22, 2011 at 3:25 PM, upen wrote:
> Hello,
>
> I read a number of posts related to issue with TZ and ossec on
> solaris. Is this resolved or still there? As far my server, I am using
> solaris 10, latest ossec. However I do see my email client shows that
> the
Hello,
I read a number of posts related to issue with TZ and ossec on
solaris. Is this resolved or still there? As far my server, I am using
solaris 10, latest ossec. However I do see my email client shows that
the email was received before 5 hours but in reality it was sent some
seconds back.
I
The '' below indicate that this is commented out.
Thanks. I am an idiot!
>
> The term "graph" did not appear in the log message at all.
> I don't have access to ossec at the moment, but servername is probably
> the hostname of the system the log message came from. If so, it won't
> be available
On Feb 8, 7:35 pm, "dan (ddp)" wrote:
> What do you have so far?
Thanks for quick reply.
OSSEC HIDS Notification.
2011 Feb 08 19:15:51
Received From: servername->/var/log/messages
Rule: 1002 fired (level 2) -> "Unknown problem somewhere in the
system."
Portion of the log(s):
Feb 8 19:15:49 servername kernel: program[26416] general protection
ip:3d2007f754 sp:7fff8c54be88 error:0 in
Hi,
I just removed Ossec 2.1 and installed 2.4 on ubuntu 8.04 system and
started ossec using start up script.
I got below email from host. Is that something to worry about or a
false alert and can be ignored?
Received From:host-ubuntu->rootcheck
Rule: 510 fired (level 7) -> "Host-based anomaly