Aug 28 06:26:31 10.2.78.1 fw01.GTC-unitedway.com %PIX-4-106023: Deny udp src outside:65.150.205.39/8523 dst db:66.111.106.118/1026 by access-group "acl_outside" [0x0, 0x0]
Aug 28 06:26:31 10.2.78.1 fw01.GTC-unitedway.com %PIX-4-106023: Deny udp src outside:65.97.66.110/26467 dst dmz:66.111.106.160/1026 by access-group "acl_outside" [0x0, 0x0]

Like I said, it fires alerts such as this:
OSSEC HIDS Notification.
2006 Aug 28 10:25:36

Received From: 10.2.78.1->/mnt/logdisk/10.2.78.1/10.2.78.1.log
Rule: 1002 fired (level 7) -> "Unknown problem somewhere in the system."
Portion of the log(s):

fw01.GTC-unitedway.com %PIX-5-304001: 203.199.127.57 Accessed URL 10.2.79.11:/admin/webadmin/main.php


On Aug 28, 2006, at 2:09 PM, Daniel Cid wrote:

Can you show us a few lines of these logs? In addition to that, we
made a few fixes in the latest snapshot to support the extra pix
timestamping. If you can try it:

http://www.ossec.net/files/snapshots/ossec-hids-060820.tar.gz

Maybe your problem is fixed already there...

Thanks,

--
Daniel B. Cid
dcid ( at ) ossec.net

On 8/28/06, Erick Kinnee <[EMAIL PROTECTED]> wrote:

OSSEC is reading the PIX logs sent to it via syslog; it generates
alerts, but all of the alerts say "Unknown problem somewhere in the
system." They don't seem to be picking up the descriptions from
pix_rules.xml. Why?


