Hi All, Recently, I faced an strange issue with my setup, where ssh login was taking around 11-12 min for each attempts. I segregated this issue in two parts -
1. I was able to login to system using ssh, but not able to perform any single command on terminal. But after 10-15 min, it becomes normal and able to do all the tasks. 2. Server was throwing "Connection Timeout" error, or it accepts the key/password on target server (as per auth.log) but session was given after 10-15 min. All the above issue solve by making one recent change in OSSEC, and that is disabling the ssh rule id 5715. *What i did with OSSEC eariler ?* I wanted to log the successful ssh attempt so i change the level for rule 5715 to 7 from 3 and restarted ossec service. It worked as expected, But after couple of hours i started facing above issue. *My setup details - * Host OS = Ubuntu 10.04 OSSEC = 2.7 Sever / Client setup AR enabled. AWS EC2 instances *I have two question - * * * 1. I didn't understand how this change affect the SSH login. 2. Is there a way that i can get alerts at sepecific level but can log all levels starting from level 3 ? For example - I want to get email alerts at above level 7, but log all alerts starting from level 3. Thanks Sandeep -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/groups/opt_out.
