On Thu, Dec 2, 2010 at 11:27 AM, Andre Pawlowski <[email protected]> wrote: > Hi list, > > I've got a strange error message from my ossec server that I don't > understand: > > OSSEC HIDS Notification. > 2010 Dec 02 09:48:40 > > Received From: kokyt0s->ossec-keepalive > Rule: 1002 fired (level 2) -> "Unknown problem somewhere in the system." > Portion of the log(s): > > --MARK--: > &pQSW__BPa5S?%tyDTJ3-iCG2lz2dU))r(F%6tjp8wqpf=]IKFT%ND2kP]ua/W)3-6'eHduX$;$Axqq7Vr.dVZ1SUDSaH)4xTXCIieaEKv47LD-bU)SXMnXO/jPGKn3.!NGBR_5]jD2UoSV9)h%z8G%7.xhI;s)267.rv2...@t2#w)Z(k'UQp9]MyDERrOrG[-,e...@b3rg/kGiR[g6mc0K)/]S]0'+?+'/.[r$fqBR^7iAjoPv4j6SWjeRsLGr%$3#p+buf&u_RC3i/mE3vS3*jp&B1qSJM431TmEg,YJ][ge;6-dJI69?-TB?!BI4?Uza63V3vMY3ake6ahj-%A-m_5lgab!OVR,!pR+;L]eLgilU > > > > --END OF NOTIFICATION > > > Has anyone an idea what this means? > > Regards > > -- > > Andre Pawlowski > > ------------------------------------------------------------------- > > Wenn eine Idee nicht zuerst absurd erscheint, taugt sie nichts. > -Albert Einstein >
I think it's "normal" (although I didn't think these messages were going to be logged). It's definitely nothing to worry about. I think the random text in the message is just padding to make the keep alives indistinguishable from other messages based on packet size.
