Thanks a stack Wim ;-)
On 23 Apr 2010, at 3:38 PM, Wim Remes wrote:
Bradley,
these are coming from servername.example.com and were found in the
monitored logfile /var/log/messages. I think you already figured that
out :-)
rule 1002 creates a level 2 alert when any of the following

Yes indeed Dan. Yip.
Do you perhaps know why it's generating this error, as it happens on many other
of my machines and I am not trying to access the DVD-ROM/CD-ROM drive/s as I
know there is no media in them
On 23 Apr 2010, at 2:21 PM, dan (ddp) wrote:
Is there an optical drive in the

I wish I knew. I see these types of errors on some of my systems as
well, but haven't had a chance to look into it.
I was thinking it might be some daemon polling the optical drive to
see if media is present, and if it is present mount it. But again, I
haven't researched it enough to know for

Hi Eric,
You don't have to duplicate the scripts. Just add a new
active-response section and give it a very
high timeout and specify the rule id you want:
<active-response>
  <command>firewall-drop</command>
  <location>local</location>
  <rules_id>3302</rules_id>
  <timeout></timeout>

Hi Michael,
Do you get any errors on the manager's ossec.log file? Check there as well..
thanks,
--
Daniel B. Cid
dcid ( at ) ossec.net
On Thu, Apr 22, 2010 at 11:05 AM, Michael Barrett
michael_barr...@mgic.com wrote:
I am having an issue with one of my systems. This is OSSEC Windows version
I appreciate the response

Hmmm was thinking of doing that, hehe :-)
On 26 Apr 2010, at 2:52 PM, dan (ddp) wrote:
I wish I knew. I see these types of errors on some of my systems as
well, but haven't had a chance to look into it.
I was thinking it might be some daemon polling the optical