Hello,
I don't know why, but I see that the named decoder doesn't recognize this line:
Feb 1 12:40:55 alpha named[711]: client 210.22.89.90#7496: update 'sdinfo.com/IN' denied
I say "doesn't recognize" because I see the following:
** Alert 1201898468.459: mail - syslog,errors,
2008 Feb 01 12:41:08 alpha->/var/log/messages
Rule: 1002 (level 2) -> 'Unknown problem somewhere in the system.'
Src IP: (none)
User: (none)
Feb 1 12:40:55 alpha named[711]: client 210.22.89.90#7496: update 'sdinfo.com/IN' denied
Here is the list of rules from my ossec.conf:
<rules>
<include>rules_config.xml</include>
<include>sshd_rules.xml</include>
<include>syslog_rules.xml</include>
<include>ftpd_rules.xml</include>
<include>attack_rules.xml</include>
<include>ossec_rules.xml</include>
<include>named_rules.xml</include>
<include>local_rules.xml</include>
</rules>
As you can see, named_rules.xml is here.
--
DSS5-RIPE DSS-RIPN mailto:[EMAIL PROTECTED] xmpp:[EMAIL PROTECTED]
http://wizard.volgograd.ru/ 2:550/[EMAIL PROTECTED] 2:550/[EMAIL PROTECTED]