It's an OSSEC keep-alive message. It's not supposed to be in the logs, but it is. It's fixed in the latest snapshot.
On Tue, Dec 7, 2010 at 4:54 PM, Jason 'XenoPhage' Frisvold <[email protected]> wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > I received the following notification from ossec today and I have no idea > what it is. I've truncated the output for security reasons since it looks > like it *might* be some sort of encoded string. Any idea what this is? > > OSSEC HIDS Notification. > 2010 Dec 07 09:22:47 > > Received From: (myServer) 192.168.0.1->ossec-keepalive > Rule: 1002 fired (level 2) -> "Unknown problem somewhere in the system." > Portion of the log(s): > > - --MARK--: *I&ccQ?<lots of gobbledegook here> > > > > - --END OF NOTIFICATION > > - --------------------------- > Jason 'XenoPhage' Frisvold > [email protected] > - --------------------------- > "Any sufficiently advanced magic is indistinguishable from technology." > - - Niven's Inverse of Clarke's Third Law > > > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG/MacGPG2 v2.0.14 (Darwin) > > iEYEARECAAYFAkz+rPwACgkQ8CjzPZyTUTQCCgCgn61LT9l/dVNXvNH3zcGRJ1Z6 > 7IsAoI9l9llPws8CJW877cmJVLtIVH+n > =83Nw > -----END PGP SIGNATURE----- >
