[ossec-list] ossecalert log file

wu tingyi Tue, 13 Apr 2010 04:54:48 -0700

Hello all,
** Alert 1271055172.24104: mail  - syslog,sshd-->what dose this mean?
2010 Apr 12 14:52:52 cl6g505->/var/log/secure --->is it means the alert is
save in /var/log/secure?
Rule: 5703 (level 10) -> 'Possible breakin attempt (high number of reverse
lookup errors).'
Src IP: l312c09.sitfypj.nyp.edu.sg
User: (none)
Apr 12 14:52:50 cl6g505 sshd[1652]---is it means port no?: reverse mapping
checking getaddrinfo for l312c09.sitfypj.nyp.edu.sg failed - POSSIBLE
BREAK-IN ATTEMPT!
Apr 12 22:26:38 cl6g505 sshd[1360]: reverse mapping checking getaddrinfo for
l312c10.sitfypj.nyp.edu.sg failed - POSSIBLE BREAK-IN ATTEMPT!
Apr 12 21:21:50 cl6g505 sshd[506]: reverse mapping checking getaddrinfo for
l312c09.sitfypj.nyp.edu.sg failed - POSSIBLE BREAK-IN ATTEMPT!
Apr 12 21:09:22 cl6g505 sshd[363]: reverse mapping checking getaddrinfo for
l312c10.sitfypj.nyp.edu.sg failed - POSSIBLE BREAK-IN ATTEMPT!
Apr 12 20:51:20 cl6g505 sshd[311]: reverse mapping checking getaddrinfo for
l312c10.sitfypj.nyp.edu.sg failed - POSSIBLE BREAK-IN ATTEMPT!



Can anybody help me look at the qns?
Can explain me the whole event about?
i need it in a hurry..
thanks=)

Regards,
tingyi

[ossec-list] ossecalert log file

Reply via email to