Thanks Daniel, It may be true. DNS server couldn't output IP of SMTP server.
But all of ossec modules were unloaded from memory. It's stopped.

Aleksander.

> -----Original Message-----
> From: Daniel Cid [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, June 20, 2006 2:07 AM
> To: Oleksander Panchuk
> Cc: Peter Ahlert; [EMAIL PROTECTED]
> Subject: Re: [Ossec-list] ossec was finished work unexpectedly
>
> Hi Oleksander,
>
> There are two problems there. The first one is regarding the mod_security
> logs.
> Looks like mod_security does not print the log "atomically", so when
> ossec tries to read the log, it may get "unlucky" and only see parts of the
> message (without the end of line). This is the reason of these first
> messages
> and it will not cause any problem on ossec, just this boring error message
> that I will remove for the next version :)
>
> The second error should only happen when you start ossec and it can't
> find the IP address of your smtp server. Did you restart ossec at that
> time?
> Does this box have DNS configured properly? If it does not have, you will
> need to provide the smtp server IP address instead of the hostname.
>
> Hope it helps..
>
> Thanks,
>
> --
> Daniel B. Cid
> dcid @ ( at ) ossec.net
>
> On 6/19/06, Oleksander Panchuk <[EMAIL PROTECTED]> wrote:
> > Hi,
> >
> > One problem existing yet
> > Part of ossec.log is below:
> > 2006/06/15 10:35:48 ossec-logcollector(1950): Analyzing file: '/var/log/squid/access.log'.
> > 2006/06/15 10:35:48 ossec-logcollector: Started (pid: 2372).
> > 2006/06/15 18:27:36 incorrect message: 'Authorization: Negotiate YIIQegYGKwYBBQUCoIIQbjCCEG
> > 2006/06/15 18:27:37 incorrect message: 'mod_security-message: Access denied with code 406.
> > 2006/06/15 18:27:37 incorrect message: ''
> > 2006/06/15 18:27:37 incorrect message: 'Content-Length: 328'
> > 2006/06/15 18:27:37 incorrect message: 'Content-Type: text/html; charset=iso-8859-1'
> > 2006/06/15 18:27:37 incorrect message: ''
> > 2006/06/16 04:02:49 incorrect message: 'dflo-66-243-230-163.gtcom.net - - [16/Jun/2006:04:0
> > 2006/06/16 04:02:49 incorrect message: 'dflo-66-243-230-163.gtcom.net - - [16/Jun/2006:04:0
> > 2006/06/16 06:22:24 incorrect message: '[Fri Jun 16 06:22:24 2006] [error] [client 58.69.89
> > 2006/06/16 12:01:00 incorrect message: 'lj2022.inktomisearch.com - - [16/Jun/2006:12:01:00
> > 2006/06/16 12:32:43 incorrect message: 'Authorization: Negotiate YIIQegYGKwYBBQUCoIIQbjCCEG
> > 2006/06/16 12:32:43 incorrect message: 'mod_security-message: Access denied with code 406.
> > 2006/06/16 12:32:43 incorrect message: ''
> > 2006/06/16 12:32:43 incorrect message: 'Content-Length: 328'
> > 2006/06/16 12:32:43 incorrect message: 'Content-Type: text/html; charset=iso-8859-1'
> > 2006/06/16 12:32:43 incorrect message: ''
> > 2006/06/16 13:24:37 incorrect message: 'lj2390.inktomisearch.com - - [16/Jun/2006:13:24:37
> > 2006/06/16 18:05:29 incorrect message: 'dsl54007d20.pool.t-online.hu - - [16/Jun/2006:18:05
> > 2006/06/16 23:30:03 incorrect message: 'Authorization: Negotiate YIIQegYGKwYBBQUCoIIQbjCCEG
> > 2006/06/16 23:30:03 incorrect message: 'mod_security-message: Access denied with code 406.
> > 2006/06/16 23:30:03 incorrect message: ''
> > 2006/06/16 23:30:03 incorrect message: 'Content-Length: 328'
> > 2006/06/16 23:30:03 incorrect message: 'Content-Type: text/html; charset=iso-8859-1'
> > 2006/06/16 23:30:03 incorrect message: ''
> > 2006/06/17 14:17:00 ossec-maild(1501): Invalid SMTP Server: ns1.cbn-cis.net.
> > 2006/06/17 14:17:00 ossec-maild(1202): Configuration problem. Exiting.
> > 2006/06/17 14:17:00 ossec-maild(1202): Configuration problem. Exiting.
> > 2006/06/19 14:29:34 ossec-maild: Started (pid: 6824).
> > 2006/06/19 14:29:34 ossec-execd: Started (pid: 6829).
> > 2006/06/19 14:29:34 ossec-analysisd: Reading rules file: 'rules_config.xml'
> > 2006/06/19 14:29:34 ossec-analysisd: Reading rules file: 'pam_rules.xml'
> > Best regards,
> > Aleksander.
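
The partial reads described in the quoted reply (a log record seen without its end of line because the writer emitted it in more than one write) can be absorbed by a reader that holds back bytes until the newline arrives. The sketch below is an added illustration, not part of the thread and not OSSEC's code; `LineFollower` and `demo` are hypothetical names and the sample record is constructed.

```python
import os
import tempfile


class LineFollower:
    """Follow a growing log file and release only newline-terminated lines."""

    def __init__(self, path):
        self.path = path
        self.offset = 0     # byte offset of the next unread byte
        self.pending = b""  # bytes read after the last end of line

    def poll(self):
        """Return the complete lines appended since the previous poll."""
        if os.path.getsize(self.path) < self.offset:
            # File was truncated or rotated: start over and drop the fragment.
            self.offset, self.pending = 0, b""
        with open(self.path, "rb") as fh:
            fh.seek(self.offset)
            chunk = fh.read()
        self.offset += len(chunk)
        # Everything after the final "\n" is an unfinished record; keep it back.
        *complete, self.pending = (self.pending + chunk).split(b"\n")
        return [line.decode("utf-8", "replace") for line in complete]


def demo():
    """Simulate a writer that emits one record in two separate writes."""
    # Constructed sample record, modelled on the log excerpt in the thread.
    record = b"mod_security-message: Access denied with code 406.\n"
    fd, path = tempfile.mkstemp()
    os.close(fd)
    try:
        follower = LineFollower(path)
        with open(path, "ab") as out:
            out.write(record[:30])   # first write: no end of line yet
            out.flush()
            first = follower.poll()  # reader wakes up between the two writes
            out.write(record[30:])   # second write completes the record
            out.flush()
            second = follower.poll()
        return first, second
    finally:
        os.remove(path)


if __name__ == "__main__":
    print(demo())
```

The first poll returns nothing because the record is still incomplete; the second returns the whole line once the end of line has been written.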
