Hi all, I'm new to the OSSEC world.
My OSSEC installation watches for NIDS (Snort) log alerts in
/var/log/message/.
I've installed the web interface for OSSEC and it all works great! Except that
when I press F5 in the web interface (or when it reloads by itself) to see
whether alerts were added, Snort interprets it as an "attack". I always receive
this error:
2007 Jun 06 15:16:39 Rule Id: 20101 level: 6
Location: (************) 10.*.*.6->/var/log/messages
IDS event.
Jun 6 15:16:38 ******** snort[11669]: [1:882:5] WEB-CGI calendar access
[Classification: Attempted Information Leak] [Priority: 2]: {TCP}
10.*.*.2:34282 -> 10.*.*.6:80
How can I stop logging this false positive?
Sorry if the question has been asked before; I've googled for some time but found
nothing about it.
Thanks all
Francis Provencher
Ministère de la Sécurité publique du Québec
Direction des technologies de l'information
Division de la sécurité informatique
Tél: 1 418 646-3258
Courriel: [EMAIL PROTECTED]
CEH - Certified Ethical Hackers
SSCP - System Security Certified Practitioner
Sec+ - Security +