Hi,

This is not an error on the OSSEC side (we don't have this error
message in there).
Most probably your log file got rotated and you missed it in there
when you checked... I saw similar errors in the past related to yum,
yum-upgrade, etc.

Thanks,

--
Daniel B. Cid
dcid ( at ) ossec.net



On Mon, Sep 13, 2010 at 5:19 AM, ItsMikeE <mernst...@gmail.com> wrote:
> The error does not appear in /var/log/messages on the agent being
> monitored, but does appear in the ossec.log on the master.
> There is a very long message in /var/log/messages on the agent at
> around the same time.
>
> Is there a maximum size for messages?
> All agents are running on RHEL 5
>
> On Sep 11, 4:04 pm, "dan (ddp)" <ddp...@gmail.com> wrote:
>> On Sat, Sep 11, 2010 at 7:53 AM, ItsMikeE <mernst...@gmail.com> wrote:
>> > OSSEC is giving me an alert
>>
>> > "OSSEC HIDS Notification.
>> > 2010 Sep 11 12:43:23
>>
>> > Received From: (server) 101.102.103.104->/var/log/messages
>> > Rule: 1002 fired (level 2) -> "Unknown problem somewhere in the
>> > system."
>> > Portion of the log(s):
>>
>> > Sep 11 12:43:15 server error getting update info: tuple index out of
>> > range
>>
>> >  --END OF NOTIFICATION"
>>
>> > Could this be caused by OSSEC trying to decode a message in /var/log/
>> > messages which is too long?
>>
>> Can you find that message in /var/log/messages?
