Dear community,
each day I get an alert from the rule 40101 :
fired (level 12) - System user successfully logged to the system.
Portion of the log(s):
Mar 11 15:53:38 server su[15522]: + ??? root:nobody
I found the script responisble for this :
/etc/cron.daily/locate
This script is using
If the action is expected then create a local rule that suppresses
that alert for the hostname and program_name
On Sun, Mar 11, 2012 at 11:03, Hugo Deprez hugo.dep...@gmail.com wrote:
Dear community,
each day I get an alert from the rule 40101 :
fired (level 12) - System user successfully