On Sep 28, 2015 2:28 PM, "Abhishek Kumar" <[email protected]> wrote:
>
> Yes Dan it was very busy..
>
> But I again received a notification:
>
> OSSEC HIDS Notification.
> 2015 Sep 28 12:07:00
>
> Received From: clexams->netstat -tan |grep LISTEN |grep -v 127.0.0.1 | sort
>
> Rule: 533 fired (level 7) -> "Listened ports status (netstat) changed (new port opened or closed)."
> Portion of the log(s):
>
> ossec: output: 'netstat -tan |grep LISTEN |grep -v 127.0.0.1 | sort':
> tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
> tcp6 0 0 :::22 :::* LISTEN
> tcp6 0 0 :::80 :::* LISTEN
> Previous output:
> ossec: output: 'netstat -tan |grep LISTEN |grep -v 127.0.0.1 | sort':
> tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
> tcp6 0 0 :::22 :::* LISTEN
> That time there was an average load on server.
>
And in this case ossec doesn't see the webserver.

> Thanks
> Abhishek
>
> On Monday, September 28, 2015 at 2:31:25 PM UTC+5:30, Abhishek Kumar wrote:
>>
>> Dear Team,
>>
>> I am getting OSSEC alert 7.
>>
>> Received From: Myserver->netstat -tan |grep LISTEN |grep -v 127.0.0.1 | sort
>> Rule: 533 fired (level 7) -> "Listened ports status (netstat) changed (new port opened or closed)."
>> Portion of the log(s):
>>
>> ossec: output: 'netstat -tan |grep LISTEN |grep -v 127.0.0.1 | sort':
>> tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
>> tcp6 0 0 :::22 :::* LISTEN
>> tcp6 1 0 :::80 :::* LISTEN
>> Previous output:
>> ossec: output: 'netstat -tan |grep LISTEN |grep -v 127.0.0.1 | sort':
>> tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
>> tcp6 0 0 :::22 :::* LISTEN
>> tcp6 0 0 :::80 :::* LISTEN
>>
>> Is there any security threat, why does it happen, and how do I sort it out?
>>
>> Thanks
>> Abhishek
>
> --
>
> ---
> You received this message because you are subscribed to the Google Groups "ossec-list" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to [email protected].
> For more options, visit https://groups.google.com/d/optout.
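
Added example, not part of the thread and not OSSEC's own configuration: in the original alert only the second column (Recv-Q) of the `:::80` line differs between the two outputs, while in the follow-up alert the `:::80` line is missing from the previous output. The sketch below compares snapshots on protocol and local address only, so the two cases can be told apart; the function and variable names are hypothetical.

```shell
#!/bin/sh
# Added example. Snapshots are copied from the two alerts quoted in the thread.
LC_ALL=C; export LC_ALL

orig_prev='tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp6 0 0 :::22 :::* LISTEN
tcp6 0 0 :::80 :::* LISTEN'
orig_cur='tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp6 0 0 :::22 :::* LISTEN
tcp6 1 0 :::80 :::* LISTEN'
followup_prev='tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp6 0 0 :::22 :::* LISTEN'
followup_cur="$orig_prev"

# Reduce netstat -tan LISTEN lines to "proto local-address",
# dropping the Recv-Q and Send-Q counters (columns 2 and 3).
listeners() {
    printf '%s\n' "$1" | awk '$NF == "LISTEN" { print $1, $4 }' | sort -u
}

# classify_change PREVIOUS CURRENT
# Prints identical, queue-only (same listeners, counters differ)
# or listeners-changed (a listener appeared or disappeared).
classify_change() {
    if [ "$1" = "$2" ]; then echo identical
    elif [ "$(listeners "$1")" = "$(listeners "$2")" ]; then echo queue-only
    else echo listeners-changed
    fi
}

# listener_diff PREVIOUS CURRENT
# Prints "+ proto addr" for each new listener, "- proto addr" for each gone.
listener_diff() {
    { listeners "$1" | sed 's/^/old /'; listeners "$2" | sed 's/^/new /'; } |
    awk '{ k = $2 " " $3; if ($1 == "old") o[k] = 1; else n[k] = 1 }
         END { for (k in n) if (!(k in o)) print "+ " k
               for (k in o) if (!(k in n)) print "- " k }' | sort
}

echo "original alert:  $(classify_change "$orig_prev" "$orig_cur")"
echo "follow-up alert: $(classify_change "$followup_prev" "$followup_cur")"
listener_diff "$followup_prev" "$followup_cur"
```
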
