Hi Steve, You shouldn't be concerned regarding OSSEC. It's a warning that there is more going on on your systems than normally, about which you SHOULD be concerned ;-)
Go through your logs to find out what is out of the ordinary, and ask yourself questions like: "Did Marketing just launch a new campaign which is causing more publicity and therefore more hits on our web servers?" or: "Did somebody do an article about us?" Etc. (heck, you could even be Slashdotted as we speak ;-) Cheers, Erik 2007/6/19, Steve West <[EMAIL PROTECTED]>: > > > ossec v 1.2 > > Hi, > > Should I be concerned w/ ossec alerts about "The average number of logs > between 14:00 and 15:00 is 25326. We reached 32925."? I'm getting these > several times a day from a number of our linux ossec agents and I just > want to know if I should be concerned or if it has a negative impact on > ossec? > > thx, > > SW > >
