I frequently get these types of alert notifications from OSSEC-HIDS.

----- Forwarded message from OSSEC HIDS <[EMAIL PROTECTED]> -----

OSSEC HIDS Notification.
2006 Jun 11 14:29:53

Received From: satyr->/var/log/maillog
Rule: 102 fired (level 7) -> "Unknown problem somewhere in the system.'"
Portion of the log(s):

spamd[1433]: checking message <[EMAIL PROTECTED]> for nobody:99. 

----- End forwarded message -----

The problem is that the string "BAD" is found in the above.

Maybe if we say that the match must be surrounded by whitespace then
the above kind of misfire can be minimized?

                        ---Kayvan
-- 
Kayvan A. Sylvan          | Proud husband of       | Father to my kids:
Sylvan Associates, Inc.   | Laura Isabella Sylvan, | Katherine Yelena (8/8/89)
http://sylvan.com/~kayvan | my beautiful Queen.    | Robin Gregory (2/28/92)
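The misfire and the whitespace idea from the message above, as an added example (not part of the original post, and not OSSEC's own matching code): Python regexes stand in for the keyword match and run over constructed log lines. The Message-ID is made up because the one in the alert is redacted, and all function names are illustrative.

```python
import re

KEYWORD = "BAD"

# Constructed maillog lines. The Message-ID is made up (the original is
# redacted) so that "BAD" sits inside a longer token, as in the alert.
SAMPLE_LINES = [
    "spamd[1433]: checking message <20060611BADF00D@mail.example.org> for nobody:99.",
    "sendmail[2201]: BAD command sequence from relay.example.org",
    "sendmail[2202]: rejected: BAD: malformed header",
    "kernel: scsi0: BAD block at sector 1024",
]

def substring_match(line, keyword=KEYWORD):
    """Plain substring test: fires on the keyword anywhere in the line."""
    return keyword in line

def whitespace_match(line, keyword=KEYWORD):
    """Keyword must have whitespace (or line start/end) on both sides."""
    pattern = r"(?:^|\s)" + re.escape(keyword) + r"(?:\s|$)"
    return re.search(pattern, line) is not None

def token_match(line, keyword=KEYWORD):
    """Keyword must not touch a letter or digit; adjacent punctuation is allowed."""
    pattern = r"(?<![A-Za-z0-9])" + re.escape(keyword) + r"(?![A-Za-z0-9])"
    return re.search(pattern, line) is not None

def compare(lines=SAMPLE_LINES):
    """Return (substring, whitespace, token) verdicts for each line."""
    return [(substring_match(l), whitespace_match(l), token_match(l)) for l in lines]

if __name__ == "__main__":
    for line, verdicts in zip(SAMPLE_LINES, compare()):
        print(verdicts, line)
```

Requiring whitespace on both sides silences the Message-ID line but also stops matching `BAD:`; the token-boundary variant keeps that line while still ignoring the Message-ID.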
