I'm still getting the following alerts:

OSSEC HIDS Notification.
2007 Feb 17 09:53:08

Received From: satyr->/var/log/messages
Rule: 1002 fired (level 7) -> "Unknown problem somewhere in the system."
Portion of the log(s):

Feb 17 09:53:08 satyr smbd[14256]: Denied connection from (0.0.0.0)

OSSEC HIDS Notification.
2007 Feb 17 09:53:08

Received From: satyr->/var/log/messages
Rule: 1002 fired (level 7) -> "Unknown problem somewhere in the system."
Portion of the log(s):

Feb 17 09:53:08 satyr smbd[14256]: Connection denied from 0.0.0.0

My local_rules.xml contains these snippets:

<rule id="100070" level="0">
  <if_sid>1002</if_sid>
  <program_name>smbd</program_name>
  <regex>^\s*Denied connection from (0.0.0.0)</regex>
  <description>Ignoring smbd denied connection from</description>
</rule>

<rule id="100080" level="0">
  <if_sid>1002</if_sid>
  <program_name>smbd</program_name>
  <regex>^\s*Connection denied from (0.0.0.0)</regex>
  <description>Ignoring smbd denied connection from</description>
</rule>

--
Kayvan A. Sylvan          | Proud husband of       | Father to my kids:
Sylvan Associates, Inc.   | Laura Isabella Sylvan, | Katherine Yelena (8/8/89)
http://sylvan.com/~kayvan | my beautiful Queen.    | Robin Gregory (2/28/92)