On Sat, Sep 11, 2010 at 7:53 AM, ItsMikeE <mernst...@gmail.com> wrote:
> OSSEC is giving me an alert
>
> "OSSEC HIDS Notification.
> 2010 Sep 11 12:43:23
>
> Received From: (server) 101.102.103.104->/var/log/messages
> Rule: 1002 fired (level 2) -> "Unknown problem somewhere in the
> system."
> Portion of the log(s):
>
> Sep 11 12:43:15 server error getting update info: tuple index out of
> range
>
> --END OF NOTIFICATION"
>
> Could this be caused by OSSEC trying to decode a message in /var/log/
> messages which is too long?
>
Can you find that message in /var/log/messages?