Hi, I'm new to OSSEC (still an Ubuntu noob too) and have left all of the default settings from the installation the same, with the exception of my email address and a tick in the box for email notifications.
Within seconds of setting it all up, I've started getting loads of the same notifications regarding Rule 1002 - Unknown problem somewhere in the system. It looks like this is all to do with Chromium web browser and/or AppArmor?

Received From: server->/var/log/syslog
Rule: 1002 fired (level 2) -> "Unknown problem somewhere in the system."
Portion of the log(s):

Apr 12 14:56:26 server kernel: [39631.605323] type=1400 audit(1334238986.635:1101151): apparmor="ALLOWED" operation="open" parent=1 profile="/usr/lib/chromium-browser/chromium-browser" name="/proc/11685/task/11691/stat" pid=6851 comm="Chrome_IOThread" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0

How can I stop this? Is it safe for me to ignore rule 1002 in the config or should I just stop low-level notifications from being emailed to me? If I should stop the notifications, what is the safest level of notification I should stop at? I've seen level 7 mentioned a few times but will I still get notified about failed root logins etc?

Better yet, does anyone know how I can solve this unknown problem at its source?

Thanks for your help!

Nick
