On Jan 24, 2012, at 8:37 AM, Joe Gedeon wrote: > You should look at your logs and see what is triggering the 400's and > fix that issue if it is a server side issue.
Agreed. Basically, the web browser is trying to obtain something from the server that's just not there. Thus, 400 errors are triggered. As a result, OSSEC sees a bunch of these fly by and considers it an attack. It's far better to fix the underlying problem than to alter OSSEC to ignore such things. --------------------------- Jason 'XenoPhage' Frisvold [email protected] --------------------------- "Any sufficiently advanced magic is indistinguishable from technology." - Niven's Inverse of Clarke's Third Law
