Greetings, I saw this in the alerts list this morning. I've seen alerts like this before, but the thing that caught my eye was the ossec-keepalive line:
2009 Mar 05 08:35:51 Rule Id: 11 level: 8 Location: (agent) 10.0.0.2->ossec-keepalive Excessive number of events (above normal). The average number of logs between 8:00 and 9:00 is 308. We reached 559. Could someone enlighten me as to what ossec-keepalive is and why it's creating a lot of events? Has anyone seen this before? --cryogen
