Re: [ossec-list] strange error message from ossec-keepalive

Thu, 02 Dec 2010 13:09:50 -0800 

I don't find this log entry in any of my logs. That means that there was
no syslog message with this text. Smart didn't detect anything strange
either.

Andre Pawlowski

-------------------------------------------------------------------

Poor is the pupil who does not surpass his master.
        -Leonardo da Vinci

On 12/02/2010 07:54 PM, loyd.darby wrote:
> It means that a syslog message had one of these words in it:
> core_dumped|failure|error|attack|bad |illegal
> |denied|refused|unauthorized|fatal|failed|Segmentation Fault|Corrupted
> MARK and the string of characters is actually part of the message and it
> is likely a disk error.
> It definitely should be looked at.
> 
> On 12/02/2010 12:10 PM, dan (ddp) wrote:
>> On Thu, Dec 2, 2010 at 11:27 AM, Andre Pawlowski<[email protected]>  wrote:
>>   
>>> Hi list,
>>>
>>> I've got a strange error message from my ossec server that I don't
>>> understand:
>>>
>>> OSSEC HIDS Notification.
>>> 2010 Dec 02 09:48:40
>>>
>>> Received From: kokyt0s->ossec-keepalive
>>> Rule: 1002 fired (level 2) ->  "Unknown problem somewhere in the
>>> system."
>>> Portion of the log(s):
>>>
>>> --MARK--:
>>> &pQSW__BPa5S?%tyDTJ3-iCG2lz2dU))r(F%6tjp8wqpf=]IKFT%ND2kP]ua/W)3-6'eHduX$;$Axqq7Vr.dVZ1SUDSaH)4xTXCIieaEKv47LD-bU)SXMnXO/jPGKn3.!NGBR_5]jD2UoSV9)h%z8G%7.xhI;s)267.rv2...@t2#w)Z(k'UQp9]MyDERrOrG[-,e...@b3rg/kGiR[g6mc0K)/]S]0'+?+'/.[r$fqBR^7iAjoPv4j6SWjeRsLGr%$3#p+buf&u_RC3i/mE3vS3*jp&B1qSJM431TmEg,YJ][ge;6-dJI69?-TB?!BI4?Uza63V3vMY3ake6ahj-%A-m_5lgab!OVR,!pR+;L]eLgilU
>>>
>>>
>>>
>>>
>>>   --END OF NOTIFICATION
>>>
>>>
>>> Has anyone an idea what this means?
>>>
>>> Regards
>>>
>>> -- 
>>>
>>> Andre Pawlowski
>>>
>>> -------------------------------------------------------------------
>>>
>>> Wenn eine Idee nicht zuerst absurd erscheint, taugt sie nichts.
>>>         -Albert Einstein
>>>
>>>      
>> I think it's "normal" (although I didn't think these messages were
>> going to be logged). It's definitely nothing to worry about. I think
>> the random text in the message is just padding to make the keep alives
>> indistinguishable from other messages based on packet size.
>>    
>

Reply via email to