I have OSSEC + Splunk configured and I am getting the following message again and again. How do I get rid of this? How do I change the rules to ignore only the following message?

** Alert 1299088508.45319: - syslog,sudo
2011 Mar 02 09:55:08 vmg035->/var/log/auth.log
Rule: 5402 (level 3) -> 'Successful sudo to ROOT executed'
Src IP: (none)
User: root
Mar 2 09:55:07 vmg035 sudo: root : TTY=pts/1 ; PWD=/opt/splunk/etc/apps/ossec/bin ; USER=root ; COMMAND=/var/ossec/bin/agent_control -l -Satish
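One way to silence just this alert is an OSSEC local rule that overrides rule 5402 (the rule named in the alert) only when the sudo command is the Splunk OSSEC app's `agent_control` call, so every other "Successful sudo to ROOT" event still fires at its normal level. This is an added example, not part of the original post; the rule id 100100 is an assumed value chosen from OSSEC's local-rule range (100000 to 119999), and the file path `/var/ossec/rules/local_rules.xml` is OSSEC's default location for user rules.

```xml
<!-- Added example: /var/ossec/rules/local_rules.xml (OSSEC default local rules file).
     Rule id 100100 is an assumed value from the user-defined range 100000-119999. -->
<group name="local,syslog,sudo,">

  <!-- Fire instead of rule 5402, at level 0 (no alert), but only for the
       sudo line produced by the Splunk OSSEC app running agent_control.
       <match> is a plain substring test against the decoded log line. -->
  <rule id="100100" level="0">
    <if_sid>5402</if_sid>
    <match>COMMAND=/var/ossec/bin/agent_control</match>
    <description>Ignore sudo to root by the Splunk OSSEC app (agent_control)</description>
  </rule>

</group>
```

The child rule is evaluated only after 5402 has matched, and because it is more specific it takes precedence; sudo-to-root events with any other `COMMAND=` value are unaffected and still alert at level 3. Restart OSSEC (`/var/ossec/bin/ossec-control restart`) after editing the file, and optionally tighten the `<match>` further (for example by also checking `PWD=/opt/splunk/etc/apps/ossec`) if the same binary is run from other contexts that you do want to see.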
