It means that a syslog message had one of these words in it:
core_dumped|failure|error|attack|bad |illegal
|denied|refused|unauthorized|fatal|failed|Segmentation Fault|Corrupted
MARK and the string of characters is actually part of the message and it
is likely a disk error.
It definitely should be looked at.
On 12/02/2010 12:10 PM, dan (ddp) wrote:
On Thu, Dec 2, 2010 at 11:27 AM, Andre Pawlowski wrote:
Hi list,
I've got a strange error message from my ossec server that I don't
understand:
OSSEC HIDS Notification.
2010 Dec 02 09:48:40
Received From: kokyt0s->ossec-keepalive
Rule: 1002 fired (level 2) -> "Unknown problem somewhere in the system."
Portion of the log(s):
--MARK--:
&pQSW__BPa5S?%tyDTJ3-iCG2lz2dU))r(F%6tjp8wqpf=]IKFT%ND2kP]ua/W)3-6'eHduX$;$Axqq7Vr.dVZ1SUDSaH)4xTXCIieaEKv47LD-bU)SXMnXO/jPGKn3.!NGBR_5]jD2UoSV9)h%z8G%7.xhI;s)267.rv2...@t2#w)Z(k'UQp9]MyDERrOrG[-,e...@b3rg/kGiR[g6mc0K)/]S]0'+?+'/.[r$fqBR^7iAjoPv4j6SWjeRsLGr%$3#p+buf&u_RC3i/mE3vS3*jp&B1qSJM431TmEg,YJ][ge;6-dJI69?-TB?!BI4?Uza63V3vMY3ake6ahj-%A-m_5lgab!OVR,!pR+;L]eLgilU
--END OF NOTIFICATION
Has anyone an idea what this means?
Regards
--
Andre Pawlowski
-------------------------------------------------------------------
If an idea does not seem absurd at first, it is worthless.
-Albert Einstein
I think it's "normal" (although I didn't think these messages were
going to be logged). It's definitely nothing to worry about. I think
the random text in the message is just padding to make the keep alives
indistinguishable from other messages based on packet size.
--
R. Loyd Darby, OSSIM-OCSE
Project Manager DOC/NOAA/NMFS
Infrastructure coordinator
Southeast Fisheries Science Center
305-361-4297
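
A triage helper for alerts like the one in this thread, added here as an example and not part of any poster's message or of OSSEC's own code. It reports which word from the quoted list hit and whether the hit stands alone or sits inside a longer token. Assumptions: the rule matches the words as case-insensitive substrings, the embedded/standalone split is a heuristic, and the disk error line is a constructed sample.

```python
import re

# Word list as quoted in the reply above; "bad " keeps its trailing space.
BAD_WORDS = ("core_dumped|failure|error|attack|bad |illegal"
             "|denied|refused|unauthorized|fatal|failed|Segmentation Fault|Corrupted")

# Assumption: the rule matches these words as case-insensitive substrings.
PATTERN = re.compile("|".join(re.escape(w) for w in BAD_WORDS.split("|")),
                     re.IGNORECASE)

KEEPALIVE_MARKER = "--MARK--:"  # prefix seen in the notification above


def triage(log_line):
    """Return (is_keepalive, hits); each hit is (word, matched_text, kind)."""
    is_keepalive = log_line.lstrip().startswith(KEEPALIVE_MARKER)
    hits = []
    for m in PATTERN.finditer(log_line):
        before = log_line[m.start() - 1] if m.start() > 0 else " "
        after = log_line[m.end()] if m.end() < len(log_line) else " "
        # Heuristic: a hit glued to other letters or digits is probably a
        # coincidence inside a longer token, not a word the sender wrote.
        kind = "embedded" if before.isalnum() or after.isalnum() else "standalone"
        hits.append((m.group(0).lower(), m.group(0), kind))
    return is_keepalive, hits


# Short excerpt of the padding from the notification above.
KEEPALIVE_SAMPLE = "--MARK--: )Z(k'UQp9]MyDERrOrG[-,"
# Constructed sample of a genuine error line, for contrast.
DISK_SAMPLE = "kernel: end_request: I/O error, dev sda, sector 12345"

if __name__ == "__main__":
    for line in (KEEPALIVE_SAMPLE, DISK_SAMPLE):
        keepalive, hits = triage(line)
        print("keepalive" if keepalive else "other", hits)
```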