Service restarts did not clear the defunct process. I ended up killing them
off and restarting. The server is healthy now and processing rules
correctly. Thanks for all the help.
On Wednesday, April 20, 2016 at 8:46:21 AM UTC-4, dan (ddpbsd) wrote:
>
> On Mon, Apr 18, 2016 at 5:46 PM,
t;
> What is the output of ossec-logtest, using the line from your sample
> alert? No errors in your ossec.log on the server? Are other rules in your
> local_rules.xml working?
>
>
>
>
>
> *From:* ossec...@googlegroups.com [mailto:
> ossec...@googlegroups.co
I'm trying to ignore an NRPE ssl handhshake alert while I wait for the
responsible team to resolve it.
Here is a sample alert:
OSSEC HIDS Notification.
> 2016 Apr 16 18:06:17
> Received From: (some_host) some_ip->/var/log/messages
> Rule: 1002 fired (level 2) -> "Unknown problem somewhere in