Yeah, I realized I'm going to get an alert every day for the botnet filter license counter too.
Which command are you referring to?

On Wednesday, April 8, 2015 at 12:16:22 PM UTC-7, Gaetan Noel wrote:
> Thanks for your help guys.
>
> You are right Brett, the alert.log has all the info. The issue I have is
> with Splunk, everything gets sent via syslog and the event is as I pasted
> above. For the alert.log here's what I get:
>
> *** Alert 1428518183.14013429: - syslog,sshd,recon,*
> *--*
> *Rule: 555 (level 7) -> 'Integrity checksum for agentless device changed.'*
> *ossec: agentless: Change detected:*
> *1404c1404*
> *< ntp clock-period 22519145*
> *---*
> *> ntp clock-period 22519163*
> *2806a2807*
> *> Connection to x.x.x.x closed by remote host.*
>
> That script doesn't give me any problem, it seems to work fine. Although
> I should probably change something so it doesn't alert me for the NTP
> change. May I ask what command you are running?
>
> Thanks,
> Gaetan
