Thank you very much Dan, I will test the solution and change it if it doesn't work. Great starting point :)
Fred

On Friday, 2 January 2015 13:49:28 UTC, Fred974 wrote:
>
> Hi,
>
> I keep receiving an email with the following content:
>
> OSSEC HIDS Notification.
>> 2015 Jan 02 12:00:01
>>
>> Received From: trinity->/var/log/maillog
>> Rule: 1002 fired (level 2) -> "Unknown problem somewhere in the system."
>> Portion of the log(s):
>>
>> Jan 2 12:00:00 trinity smtpd[1161]: smtp-out: Error on session
>> 07918989899b62f0: Connection failed: No route to host
>>
>>
>>
>> --END OF NOTIFICATION
>
>
> I read that if OSSEC receives a log that it doesn’t know how to decode it
> will generate an event 1002 - "Unknown problem somewhere in the system"
> The solution is to configure a minimal decoder to identify a unique field
> within the log so that OSSEC no longer considers the log unknown.
>
> Could someone please help me to understand how to apply this solution?
> I'll appreciate a simple example to get me on track.
>
> Thank you
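An added example, not part of the original thread and not the solution Dan posted: a minimal decoder for the smtpd line quoted above, paired with a level-0 child rule of 1002, since the decoder only labels the line and it is the child rule that stops the e-mail. The decoder name, the rule id 100100 and the description text are assumptions made for this example; the file paths are those of a default /var/ossec install.

```xml
<!-- /var/ossec/etc/local_decoder.xml -->
<!-- Minimal decoder: claims syslog lines whose program name is smtpd.
     The decoder name is an assumption chosen for this example. -->
<decoder name="local-opensmtpd">
  <program_name>^smtpd$</program_name>
</decoder>

<!-- /var/ossec/rules/local_rules.xml -->
<!-- Rule id 100100 is a constructed value from the user-defined range
     (100000 to 119999). Level 0 means: match, but raise no alert. -->
<group name="local,syslog,">
  <rule id="100100" level="0">
    <!-- Only consider events that would otherwise fire rule 1002 -->
    <if_sid>1002</if_sid>
    <!-- Only lines claimed by the decoder defined above -->
    <decoded_as>local-opensmtpd</decoded_as>
    <!-- Keep the match narrow so other smtpd errors still alert -->
    <match>smtp-out: Error on session</match>
    <regex>Connection failed: No route to host</regex>
    <description>smtpd outbound delivery: destination unreachable (ignored).</description>
  </rule>
</group>
```

Paste the log line from the notification into /var/ossec/bin/ossec-logtest to confirm that the decoder and rule 100100 are selected, then restart OSSEC to load the change.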
