Yes Dan it was very busy.. But I again received a notification:
OSSEC HIDS Notification. 2015 Sep 28 12:07:00 Received From: clexams->netstat -tan |grep LISTEN |grep -v 127.0.0.1 | sort Rule: 533 fired (level 7) -> "Listened ports status (netstat) changed (new port opened or closed)." Portion of the log(s): ossec: output: 'netstat -tan |grep LISTEN |grep -v 127.0.0.1 | sort': tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN tcp6 0 0 :::22 :::* LISTEN tcp6 0 0 :::80 :::* LISTEN Previous output: ossec: output: 'netstat -tan |grep LISTEN |grep -v 127.0.0.1 | sort': tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN tcp6 0 0 :::22 :::* LISTEN That time there was an average load on server. Thanks Abhishek On Monday, September 28, 2015 at 2:31:25 PM UTC+5:30, Abhishek Kumar wrote: > > Dear Team, > > I am getting OSSEC alert 7 . > > Received From: Myserver->netstat -tan |grep LISTEN |grep -v 127.0.0.1 | > sort > Rule: 533 fired (level 7) -> "Listened ports status (netstat) changed (new > port opened or closed)." > Portion of the log(s): > > ossec: output: 'netstat -tan |grep LISTEN |grep -v 127.0.0.1 | sort': > tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN > tcp6 0 0 :::22 :::* LISTEN > tcp6 1 0 :::80 :::* LISTEN > Previous output: > ossec: output: 'netstat -tan |grep LISTEN |grep -v 127.0.0.1 | sort': > tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN > tcp6 0 0 :::22 :::* LISTEN > tcp6 0 0 :::80 :::* LISTEN > > Is there any security thread and why its happen how to sort out. > > Thanks > Abhishek > -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
