Hi OSSEC Community, I have an issue with a new
installation of OSSEC 2.6. I have just installed and configured
the server. This server is RHEL 6.2 compiled with MySQL and it’s in the
network 192.x.x.x and the agents are in the network 10.x.x.x with 2 FW
between them. The problem is that the WUI shows the messages in an
incorrect format, i.e.:


2012 Jun 15 16:43:38 Rule Id: 11 level: 4
Location: (oraclemanager) 172.28.67.242->WinEvtLog
Src IP: mdaycohost
Excessive number of events (above normal).

2012 Jun 15 16:38:40 Rule Id: 5501 level: 3
Location: ossec->/var/log/secure
Src IP: 6:38:39 ossec su: pam_unix(su-l:session): session opened for
user root by accdayco(uid=500)
Login session opened.
** Alert 1339794683.22885: mail - ossec,
2012 Jun 15 16:41:23 ossec->ossec-monitord
Rule: 502 (level 3) -> 'Ossec server started.'
ossec: Ossec started.
2012 Jun 15 16:35:01 Rule Id: 5501 level: 3
Location: ossec->/var/log/secure
Src IP: 6:35:00 ossec sshd[8458]: pam_unix(sshd:session): session
opened for user accdayco by (uid=0)
Login session opened.
** Alert 1339794307.22371: - pam,syslog,authentication_success,
2012 Jun 15 16:35:07 ossec->/var/log/secure
Rule: 5501 (level 3) -> 'Login session opened.'
Jun 15 16:35:06 ossec su: pam_unix(su-l:session): session opened for
user root by accdayco(uid=500)



Can you help me?




Kind regards!




   Oscar D’Lima
   Specialist I | Continuous Service Improvement Coordination
   Tlf: +58 212 999.90.38 | +58 414 236.78.02

   Torre Dayco, Calle Londres, Urb. Las Mercedes,
   Caracas, Venezuela. ZP 1060-A
   Master +58 212 999.9100

   daycohost.com
