OSSEC is giving me an alert:

OSSEC HIDS Notification.
2010 Sep 11 12:43:23

Received From: (server) 101.102.103.104->/var/log/messages
Rule: 1002 fired (level 2) -> "Unknown problem somewhere in the system."
Portion of the log(s):

Sep 11 12:43:15 server error getting update info: tuple index out of range

--END OF NOTIFICATION

Could this be caused by OSSEC trying to decode a message in /var/log/messages which is too long?