Hello to all, and a most Happy New Year!

I'm not sure if the subject of my post is accurate, but here's what I'm after.

Our Web server has been set up as a conduit by which to ping GPS devices via 
our business application.  When any of our LAN hosts do a ping, I get the 
following notification from OH:

OSSEC HIDS Notification.
2009 Jan 06 16:04:36

Received From: (hingham) 192.168.1.3->/etc/httpd/logs/access_log
Rule: 31151 fired (level 10) -> "Mutiple web server 400 error codes from same source ip."
Portion of the log(s):

72.93.103.87 - - [06/Jan/2009:16:04:34 -0500] "GET /rci/rci_command_563.txt HTTP/1.1" 404 8611 "-" "PowerBuilder"
72.93.103.87 - - [06/Jan/2009:16:04:34 -0500] "GET /rci/rci_command_563.txt HTTP/1.1" 404 8611 "-" "PowerBuilder"
72.93.103.87 - - [06/Jan/2009:16:04:17 -0500] "GET /rci/rci_command_563.txt HTTP/1.1" 404 8611 "-" "PowerBuilder"
72.93.103.87 - - [06/Jan/2009:16:04:17 -0500] "GET /rci/rci_command_563.txt HTTP/1.1" 404 8611 "-" "PowerBuilder"
72.93.103.87 - - [06/Jan/2009:16:04:01 -0500] "GET /rci/rci_command_563.txt HTTP/1.1" 404 8611 "-" "PowerBuilder"
72.93.103.87 - - [06/Jan/2009:16:04:01 -0500] "GET /rci/rci_command_563.txt HTTP/1.1" 404 8611 "-" "PowerBuilder"
72.93.103.87 - - [06/Jan/2009:16:03:34 -0500] "GET /rci/rci_command_563.txt HTTP/1.1" 404 8611 "-" "PowerBuilder"
72.93.103.87 - - [06/Jan/2009:16:03:34 -0500] "GET /rci/rci_command_563.txt HTTP/1.1" 404 8611 "-" "PowerBuilder"
72.93.103.87 - - [06/Jan/2009:16:03:10 -0500] "GET /rci/rci_command_563.txt HTTP/1.1" 404 8611 "-" "PowerBuilder"
72.93.103.87 - - [06/Jan/2009:16:03:10 -0500] "GET /rci/rci_command_563.txt HTTP/1.1" 404 8611 "-" "PowerBuilder"



 --END OF NOTIFICATION

I'd like to prevent the rule being triggered by our LAN hosts (or, at least, 
stop the notifications).  I whitelisted various hosts in ossec.conf, but that 
didn't work (and I probably don't really get the true purpose of 
whitelisting, to boot).   Can someone help me out?

Thanks.

Dimitri
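
An added example, not part of the original post and not the OSSEC project's own configuration: the white_list entries in ossec.conf only exempt addresses from active-response blocking, so they do not stop rule 31151 from alerting. One way to silence it for the traffic shown above is a level-0 child rule in local_rules.xml. Assumptions: rule 31151 counts matches of rule 31101 ("Web server 400 error code.") as in the stock web_rules.xml (check the installed copy), and the rule id 100100 is an arbitrary unused local id.

```xml
<!-- /var/ossec/rules/local_rules.xml (added example) -->
<group name="local,web,">

  <!--
    Child of 31101 (assumed parent of the 31151 frequency rule).
    Events that match here are classified as 100100 instead of 31101,
    so they no longer count toward 31151 and, at level 0, raise no alert.
  -->
  <rule id="100100" level="0">
    <if_sid>31101</if_sid>
    <!-- Source address exactly as it appears in access_log -->
    <srcip>72.93.103.87</srcip>
    <!-- Limit the exemption to the polling path; other 4xx from this
         address are still counted by the stock rules -->
    <url>/rci/</url>
    <description>Ignore expected 404s from the GPS polling client.</description>
  </rule>

</group>
```

Restart OSSEC on the manager after editing so the rule is loaded. Keeping the url condition means a scan of other paths from the same address would still trigger 31151.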
