All of the Google responses I got for the error message pointed at yum.

On Mon, Sep 13, 2010 at 8:11 AM, Daniel Cid <daniel....@gmail.com> wrote:
> Hi,
>
> This is not an error on the OSSEC side (we don't have this error
> message in there).
> Most probably your log file got rotated and you missed it in there
> when you checked... I saw similar errors in the past related to yum,
> yum-upgrade, etc.
>
> Thanks,
>
> --
> Daniel B. Cid
> dcid ( at ) ossec.net
>
>
>
> On Mon, Sep 13, 2010 at 5:19 AM, ItsMikeE <mernst...@gmail.com> wrote:
>> The error does not appear in /var/log/messages on the agent being
>> monitored, but does appear in the ossec.log on the master.
>> There is a very long message in /var/log/messages on the agent at
>> around the same time.
>>
>> Is there a maximum size for messages?
>> All agents are running on RHEL 5
>>
>> On Sep 11, 4:04 pm, "dan (ddp)" <ddp...@gmail.com> wrote:
>>> On Sat, Sep 11, 2010 at 7:53 AM, ItsMikeE <mernst...@gmail.com> wrote:
>>> > OSSEC is giving me an alert
>>>
>>> > "OSSEC HIDS Notification.
>>> > 2010 Sep 11 12:43:23
>>>
>>> > Received From: (server) 101.102.103.104->/var/log/messages
>>> > Rule: 1002 fired (level 2) -> "Unknown problem somewhere in the
>>> > system."
>>> > Portion of the log(s):
>>>
>>> > Sep 11 12:43:15 server error getting update info: tuple index out of
>>> > range
>>>
>>> > --END OF NOTIFICATION"
>>>
>>> > Could this be caused by OSSEC trying to decode a message in /var/log/
>>> > messages which is too long?
>>>
>>> Can you find that message in /var/log/messages?
>