dcid - why is there moderation on this list? is this something TM imposed on you?
Nate Schmoll [email protected] 253-987-NATE On Mar 25, 2010, at 11:16 AM, Iñaki R. wrote: > > Hi, > > ossec maintains an internal database with the number of events per agent > and if an agent exceed that number of events, it fires an alert. > Basically you can use that alert to discover extrange activity on > servers. I have mail servers with high load all the time firing that > alert :) > > Greetings > > Bradley Radjoo wrote: >> Hello there, >> >> They are events. >> >> On 25 Mar 2010, at 2:48 PM, Iñaki R. wrote: >> >>> Hi Bradley, >>> >>> logs or events? I never saw that message with number of log files but >>> with number of events. >>> >>> Greetings >>> >>> Bradley Radjoo wrote: >>>> Greetings, >>>> >>>> I noticed something yesterday on all this OSSEC e-mail notifications. >>>> >>>> A mail said there were excessive logs in /var/log/<something> - like 2000+ >>>> logs when the average was 1000 between blah and bleh >>>> >>>> I looked in the log. That hour had like 50 logs. >>>> >>>> So, what exactly does OSSEC count to get these numbers and what does the >>>> number mean? >>>> >>>> Regards, >>>> Bradley >>>> Please note: This email and its content are subject to the disclaimer as >>>> displayed at the following link >>>> http://www.is.co.za/legal/E-mail+Confidentiality+Notice+and+Disclaimer.htm. >>>> Should you not have Web access, send an email to [email protected] >>>> <mailto:[email protected]> and a copy will be sent to you. >>>> >>>> To unsubscribe from this group, send email to >>>> ossec-list+unsubscribegooglegroups.com or reply to this email with the >>>> words "REMOVE ME" as the subject. >>> To unsubscribe from this group, send email to >>> ossec-list+unsubscribegooglegroups.com or reply to this email with the >>> words "REMOVE ME" as the subject. >> >> ----- >> >> Regards, >> >> Bradley Radjoo >> Infrastructure Services >> Internet Solutions >> 087 365 0664 (Phone) >> 011 576 0664 (Fax) >> >> Anyone who has never made a mistake has never tried anything new. — Albert >> Einstein. >> >> >> >> >> >> Please note: This email and its content are subject to the disclaimer as >> displayed at the following link >> http://www.is.co.za/legal/E-mail+Confidentiality+Notice+and+Disclaimer.htm. >> Should you not have Web access, send a mail to [email protected] and a >> copy will be emailed to you. >> >> To unsubscribe from this group, send email to >> ossec-list+unsubscribegooglegroups.com or reply to this email with the words >> "REMOVE ME" as the subject. > > To unsubscribe from this group, send email to > ossec-list+unsubscribegooglegroups.com or reply to this email with the words > "REMOVE ME" as the subject. To unsubscribe from this group, send email to ossec-list+unsubscribegooglegroups.com or reply to this email with the words "REMOVE ME" as the subject.
