Hi All, I have just seen something quite odd in my active-responses.log: -
Wed Jul 27 15:31:44 BST 2011 /var/ossec/active-response/bin/host-deny.sh add - UNKNOWN 1311777104.54981959 5706
Wed Jul 27 15:31:44 BST 2011 /var/ossec/active-response/bin/firewall-drop.sh add - UNKNOWN 1311777104.54981959 5706
Wed Jul 27 15:31:44 BST 2011 Invalid ip/hostname entry: UNKNOWN
Wed Jul 27 15:31:44 BST 2011 Unable to run (iptables returning != 2): 1 - /var/ossec/active-response/bin/firewall-drop.sh add - UNKNOWN 1311777104.54981959 5706
Wed Jul 27 15:31:45 BST 2011 Unable to run (iptables returning != 2): 2 - /var/ossec/active-response/bin/firewall-drop.sh add - UNKNOWN 1311777104.54981959 5706
Wed Jul 27 15:31:47 BST 2011 Unable to run (iptables returning != 2): 3 - /var/ossec/active-response/bin/firewall-drop.sh add - UNKNOWN 1311777104.54981959 5706
Wed Jul 27 15:31:50 BST 2011 Unable to run (iptables returning != 2): 4 - /var/ossec/active-response/bin/firewall-drop.sh add - UNKNOWN 1311777104.54981959 5706
Wed Jul 27 15:31:54 BST 2011 Unable to run (iptables returning != 2): 5 - /var/ossec/active-response/bin/firewall-drop.sh add - UNKNOWN 1311777104.54981959 5706
Wed Jul 27 15:31:59 BST 2011 Unable to run (iptables returning != 2): 6 - /var/ossec/active-response/bin/firewall-drop.sh add - UNKNOWN 1311777104.54981959 5706
Wed Jul 27 15:42:14 BST 2011 /var/ossec/active-response/bin/firewall-drop.sh delete - UNKNOWN 1311777104.54981959 5706
Wed Jul 27 15:42:14 BST 2011 /var/ossec/active-response/bin/host-deny.sh delete - UNKNOWN 1311777104.54981959 5706
Wed Jul 27 15:42:14 BST 2011 Invalid ip/hostname entry: UNKNOWN
Wed Jul 27 15:42:14 BST 2011 Unable to run (iptables returning != 2): 1 - /var/ossec/active-response/bin/firewall-drop.sh delete - UNKNOWN 1311777104.54981959 5706
Wed Jul 27 15:42:15 BST 2011 Unable to run (iptables returning != 2): 2 - /var/ossec/active-response/bin/firewall-drop.sh delete - UNKNOWN 1311777104.54981959 5706
Wed Jul 27 15:42:17 BST 2011 Unable to run (iptables returning != 2): 3 - /var/ossec/active-response/bin/firewall-drop.sh delete - UNKNOWN 1311777104.54981959 5706
Wed Jul 27 15:42:20 BST 2011 Unable to run (iptables returning != 2): 4 - /var/ossec/active-response/bin/firewall-drop.sh delete - UNKNOWN 1311777104.54981959 5706
Wed Jul 27 15:42:24 BST 2011 Unable to run (iptables returning != 2): 5 - /var/ossec/active-response/bin/firewall-drop.sh delete - UNKNOWN 1311777104.54981959 5706
Wed Jul 27 15:42:29 BST 2011 Unable to run (iptables returning != 2): 6 - /var/ossec/active-response/bin/firewall-drop.sh delete - UNKNOWN 1311777104.54981959 5706
h|grep 89.195.5.167

Please can someone shed some light on it?

Cheers,
-- ChrisP
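An added triage helper for the active-responses.log layout shown in the post (example code, not part of the original post and not OSSEC's own code): it groups the entries by alert id and reports alerts whose response script was handed a srcip that is not an IP address (UNKNOWN here) or that needed iptables retries. The field layout is assumed from the lines above, and the extra well-formed entry with a TEST-NET address and made-up alert id is constructed for comparison.

```python
# Triage helper for OSSEC active-responses.log (added example, not OSSEC code).
# Assumed layout: <timestamp> <script> <add|delete> <user> <srcip> <alert id> <rule id>
import ipaddress
import re

TS = r"\w{3} \w{3} +\d{1,2} \d\d:\d\d:\d\d \w+ \d{4}"
TAIL = r"(?P<script>\S+) (?P<action>add|delete) \S+ (?P<ip>\S+) (?P<alert>\S+) (?P<rule>\d+)$"
INVOKE_RE = re.compile(rf"{TS} {TAIL}")
RETRY_RE = re.compile(rf"{TS} Unable to run \(iptables returning != 2\): (?P<attempt>\d+) - {TAIL}")

# Constructed sample: lines copied from the post plus one well-formed entry
# (TEST-NET address, made-up alert id and rule) for comparison.
SAMPLE_LOG = """\
Wed Jul 27 15:31:44 BST 2011 /var/ossec/active-response/bin/host-deny.sh add - UNKNOWN 1311777104.54981959 5706
Wed Jul 27 15:31:44 BST 2011 /var/ossec/active-response/bin/firewall-drop.sh add - UNKNOWN 1311777104.54981959 5706
Wed Jul 27 15:31:44 BST 2011 Invalid ip/hostname entry: UNKNOWN
Wed Jul 27 15:31:44 BST 2011 Unable to run (iptables returning != 2): 1 - /var/ossec/active-response/bin/firewall-drop.sh add - UNKNOWN 1311777104.54981959 5706
Wed Jul 27 15:31:45 BST 2011 Unable to run (iptables returning != 2): 2 - /var/ossec/active-response/bin/firewall-drop.sh add - UNKNOWN 1311777104.54981959 5706
Wed Jul 27 15:42:14 BST 2011 /var/ossec/active-response/bin/firewall-drop.sh delete - UNKNOWN 1311777104.54981959 5706
Wed Jul 27 16:02:03 BST 2011 /var/ossec/active-response/bin/firewall-drop.sh add - 203.0.113.7 1311778923.55000001 5712
"""

def valid_ip(value: str) -> bool:
    """True when the srcip field parses as an IP address (UNKNOWN or '-' do not)."""
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False

def triage(log_text: str) -> dict:
    """Group responses by alert id: srcip, rule, scripts run and highest iptables retry seen."""
    alerts = {}
    for line in log_text.splitlines():
        m = INVOKE_RE.match(line) or RETRY_RE.match(line)
        if not m:
            continue  # e.g. the bare "Invalid ip/hostname entry" line
        entry = alerts.setdefault(m["alert"], {
            "rule": m["rule"], "ip": m["ip"], "valid_ip": valid_ip(m["ip"]),
            "actions": [], "max_retry": 0})
        if m.re is RETRY_RE:
            entry["max_retry"] = max(entry["max_retry"], int(m["attempt"]))
        else:
            entry["actions"].append((m["script"].rsplit("/", 1)[-1], m["action"]))
    return alerts

def problem_alerts(alerts: dict) -> list:
    """Alert ids whose response got a non-IP srcip or needed iptables retries."""
    return sorted(aid for aid, e in alerts.items() if not e["valid_ip"] or e["max_retry"])
```

Running `problem_alerts(triage(SAMPLE_LOG))` singles out the post's alert id; the same check over a live log shows whether every failure shares one alert (a decoder that yielded no srcip) or is spread across rules.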
