Hi Bill and David, I'm using OSSEC with the 071129 update on CentOS 4.5. Received email alerts began to diminish in frequency at about 1 week after I applied the 071129 upgrade. By "diminish" I mean that while some of the alerts still came through, they numbered quite few. The server may receive 20 to 50 or more alerts per day that are above level 3, and if I'm lucky I'll only see one or two email notifications, each typically reporting a single suspicious event. This certainly doesn't represent the alerts log file very adequately.
One possibly significant aspect of this issue is that after stopping, then restarting OSSEC, I immediately receive the "Ossec server started." email notification but nearly every other alert posted to the alerts log fails to arrive as an email notification.

Do either of you, or anyone else here, have an opinion what may be causing this issue?

Tony

On Dec 9 2007, 11:54 am, David Williams <[EMAIL PROTECTED]> wrote:
> I believe this is a known bug and Daniel provided this note with a
> snapshot which fixes it:
>
> Hi Pierre,
>
> Thanks for the information. I was able to find out where the bug is
> and the fix is available at:
>
> http://www.ossec.net/files/snapshots/ossec-hids-071129.tar.gz
>
> Just update to this new version and the problem should go away.
>
> Thanks,
>
> --
> Daniel B. Cid
> dcid ( at ) ossec.net
>
> Bill Mathews wrote:
> > I have a couple of OSSEC v.1.4 running on Debian and every few weeks
> > email alerts just stop. The alert log keeps seeing the alerts but they
> > never go out via email. Packet captures never show the ossec machine
> > even trying to send the message. Has anyone ever run across this before?
> > On my older (1.2) OSSEC server I've not run across this. Thanks.
> >
> > Bill
> >
> > --
> > This is my gmail account, there are many like it
> > but this one is mine.
>
> --
> _______________________________________________
> GPG (http://www.gnupg.org/) key available
> from: http://www.kayakero.net/per/david/
