Just FYI, not sure if a resolution
to https://groups.google.com/forum/#!msg/ossec-list/dE3klm84JMU/kGZkRdSl3ZkJ
has been put in place or not but it is occurring in v2.9.2 - I received an
email alert (can post the text if it would be helpful).
Related to this, I noticed that the alert level is
Hello according to the archives this bug was fixed in v2.6. I upgraded
from v2.4.1 to v2.7-beta1, and am experiencing it with 20 'alerts'
daily:
---
OSSEC HIDS Notification.
2012 Oct 01 16:43:49
Received From: localhost-ossec-keepalive
Rule: 1002 fired (level 2) -
The local install is similar enough to the agent/manager install. It's
still something you can ignore. Upgrade to the 2.6beta should get rid
of it.
On Fri, Jun 17, 2011 at 6:52 PM, Steven Stern
subscribed-li...@sterndata.com wrote:
I'm using 2.5.1. There is no separate manager; OSSEC runs on and
Hi Steven,
Those are keepalive messages from an agent to the manager. You can ignore them.
What version of OSSEC do you have installed? They're supposed to be
ignored so they don't fire alerts...
On Fri, Jun 17, 2011 at 3:52 PM, Steven Stern
subscribed-li...@sterndata.com wrote:
What does this
I'm using 2.5.1. There is no separate manager; OSSEC runs on and reports
from this system.
On 06/17/2011 03:04 PM, dan (ddp) wrote:
Hi Steven,
Those are keepalive messages from an agent to the manager. You can ignore them.
What version of OSSEC do you have installed? They're supposed to be
Greetings,
I saw this in the alerts list this morning. I've seen alerts like
this before, but the thing that caught my eye was the ossec-keepalive
line:
2009 Mar 05 08:35:51 Rule Id: 11 level: 8
Location: (agent) 10.0.0.2-ossec-keepalive
Excessive number of events (above normal).
The