Hi Oleksander,

There are two problems there. The first one is regarding the mod_security logs. It looks like mod_security does not print the log "atomically", so when ossec tries to read the log, it may get "unlucky" and only see parts of the message (without the end of line). This is the reason for these first messages and it will not cause any problem on ossec, just this boring error message that I will remove for the next version :)

The second error should only happen when you start ossec and it can't find the IP address of your smtp server. Did you restart ossec at that time? Does this box have DNS configured properly? If it does not, you will need to provide the smtp server IP address instead of the hostname.

Hope it helps.

Thanks,

--
Daniel B. Cid
dcid @ ( at ) ossec.net

On 6/19/06, Oleksander Panchuk <[EMAIL PROTECTED]> wrote:
> Hi,
>
> One problem still exists.
> Part of ossec.log is below:
> 2006/06/15 10:35:48 ossec-logcollector(1950): Analyzing file:
> '/var/log/squid/access.log'.
> 2006/06/15 10:35:48 ossec-logcollector: Started (pid: 2372).
> 2006/06/15 18:27:36 incorrect message: 'Authorization: Negotiate
> YIIQegYGKwYBBQUCoIIQbjCCEG
> 2006/06/15 18:27:37 incorrect message: 'mod_security-message: Access denied
> with code 406.
> 2006/06/15 18:27:37 incorrect message: ''
> 2006/06/15 18:27:37 incorrect message: 'Content-Length: 328'
> 2006/06/15 18:27:37 incorrect message: 'Content-Type: text/html;
> charset=iso-8859-1'
> 2006/06/15 18:27:37 incorrect message: ''
> 2006/06/16 04:02:49 incorrect message: 'dflo-66-243-230-163.gtcom.net - -
> [16/Jun/2006:04:0
> 2006/06/16 04:02:49 incorrect message: 'dflo-66-243-230-163.gtcom.net - -
> [16/Jun/2006:04:0
> 2006/06/16 06:22:24 incorrect message: '[Fri Jun 16 06:22:24 2006] [error]
> [client 58.69.89
> 2006/06/16 12:01:00 incorrect message: 'lj2022.inktomisearch.com - -
> [16/Jun/2006:12:01:00
> 2006/06/16 12:32:43 incorrect message: 'Authorization: Negotiate
> YIIQegYGKwYBBQUCoIIQbjCCEG
> 2006/06/16 12:32:43 incorrect message: 'mod_security-message: Access denied
> with code 406.
> 2006/06/16 12:32:43 incorrect message: ''
> 2006/06/16 12:32:43 incorrect message: 'Content-Length: 328'
> 2006/06/16 12:32:43 incorrect message: 'Content-Type: text/html;
> charset=iso-8859-1'
> 2006/06/16 12:32:43 incorrect message: ''
> 2006/06/16 13:24:37 incorrect message: 'lj2390.inktomisearch.com - -
> [16/Jun/2006:13:24:37
> 2006/06/16 18:05:29 incorrect message: 'dsl54007d20.pool.t-online.hu - -
> [16/Jun/2006:18:05
> 2006/06/16 23:30:03 incorrect message: 'Authorization: Negotiate
> YIIQegYGKwYBBQUCoIIQbjCCEG
> 2006/06/16 23:30:03 incorrect message: 'mod_security-message: Access denied
> with code 406.
> 2006/06/16 23:30:03 incorrect message: ''
> 2006/06/16 23:30:03 incorrect message: 'Content-Length: 328'
> 2006/06/16 23:30:03 incorrect message: 'Content-Type: text/html;
> charset=iso-8859-1'
> 2006/06/16 23:30:03 incorrect message: ''
> 2006/06/17 14:17:00 ossec-maild(1501): Invalid SMTP Server: ns1.cbn-cis.net.
> 2006/06/17 14:17:00 ossec-maild(1202): Configuration problem. Exiting.
> 2006/06/17 14:17:00 ossec-maild(1202): Configuration problem. Exiting.
> 2006/06/19 14:29:34 ossec-maild: Started (pid: 6824).
> 2006/06/19 14:29:34 ossec-execd: Started (pid: 6829).
> 2006/06/19 14:29:34 ossec-analysisd: Reading rules file: 'rules_config.xml'
> 2006/06/19 14:29:34 ossec-analysisd: Reading rules file: 'pam_rules.xml'
> Best regards,
> Aleksander.
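
The partial-read behaviour described in the reply above, as an added example that is not part of the original thread and is not OSSEC's code: a reader that treats every read as a finished line, next to one that waits for the end of line. The function names and the sample log line are constructed for illustration.

```python
import os
import tempfile


def naive_poll(path, offset):
    """Read whatever is there and treat every piece as a finished line."""
    with open(path, "rb") as fh:
        fh.seek(offset)
        chunk = fh.read()
    return chunk.decode("utf-8", "replace").splitlines(), offset + len(chunk)


def safe_poll(path, offset):
    """Return only newline-terminated lines; leave a trailing fragment unread."""
    with open(path, "rb") as fh:
        fh.seek(offset)
        chunk = fh.read()
    end = chunk.rfind(b"\n")
    if end == -1:
        return [], offset              # writer is mid-line: retry on next poll
    complete = chunk[:end]             # drop the final newline before splitting
    lines = [l.decode("utf-8", "replace") for l in complete.split(b"\n")]
    return lines, offset + end + 1     # resume just past the last full line


def demo():
    """Simulate a writer that emits one line in two separate write() calls."""
    # Constructed sample line, modelled on the log excerpt in the thread.
    part1 = b"mod_security-message: Access denied "
    part2 = b"with code 406. (constructed sample)\n"
    fd, path = tempfile.mkstemp()
    os.close(fd)
    try:
        naive, safe = [], []
        n_off = s_off = 0
        for part in (part1, part2):
            with open(path, "ab") as out:
                out.write(part)
            got, n_off = naive_poll(path, n_off)   # polled between the writes
            naive.append(got)
            got, s_off = safe_poll(path, s_off)
            safe.append(got)
        return naive, safe
    finally:
        os.remove(path)


if __name__ == "__main__":
    print(demo())
```

The naive reader hands two fragments to the decoder, neither of which matches a rule; the other reader returns nothing on the first poll and the whole line on the second.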
