Microsoft's Android app for Outlook is making my OSSEC unhappy. :( These logs are coming in via IIS.
Rule: 1003 fired (level 13) -> "Non standard syslog message (size too > large)." > Portion of the log(s): > > > 4947_Fid:126_St:S_Sk:1758347863_Fid:127_St:S_Sk:11921995_Fid:128_St:S_Sk:1934396847_Fid:129_St:S_Sk:630117934_Fid:13_St:S_Sk:1754505034_Fid:130_St:S_Sk:748505773_Fid:131_St:S_Sk:309540663_Fid:132_St:S_Sk:1772191869_Fid:133_St:S_Sk:565377033_Fid:134_St:S_Sk:281226952_Fid:135_St:S_Sk:62187726_Fid:136_St:S_Sk:1567895604_Fid:137_St:S_Sk:1356942230_Fid:138_St:S_Sk:1515475935_Fid:139_St:S_Sk:1412175845_Fid:14_St:S_Sk:768085750_Fid:140_St:S_Sk:1708529117_Fid:141_St:S_Sk:743126850_Fid:142_St:S_Sk:397094829_Fid:143_St:S_Sk:1815464751_Fid:144_St:S_Sk:2130767954_Fid:145_St:S_Sk:611310625_Fid:146_St:S_Sk:131106572_Fid:147_St:S_Sk:1642314164_Fid:148_St:S_Sk:1204748926_Fid:149_St:S_Sk:1851235748_Fid:15_St:S_Sk:1885412375_Fid:150_St:S_Sk:1181980656_Fid:151_St:S_Sk:137658458_Fid:152_St:S_Sk:2072150418_Fid:153_St:S_Sk:2051081829_Fid:154_St:S_Sk:1944889060_Fid:155_St:S_Sk:2132772168_Fid:156_St:S_Sk:1350885012_Fid:157_St:S_Sk:1335572306_Fid:158_St:S_Sk:707491986_Fid:159_St:S_Sk:384868235_Fid:16_St:S_Sk:1590622507_Fid:160_St:S_Sk:1241069710_Fid:161_St:S_Sk:1161064540_Fid:162_St:S_Sk:1650111764_Fid:163_St:S_Sk:729076120_Fid:164_St:S_Sk:44905471_Fid:165_St:S_Sk:987209269_Fid:166_St:S_Sk:1882339622_Fid:167_St:S_Sk:1745980924_Fid:168_St:S_Sk:80824038_Fid:169_S > > > > --END OF NOTIFICATION This is all part of one log entry. I can add a rule to suppress these alerts, but it seems to me that in agent communications (not syslog comm) to OSSEC, it ought to be allowed to have an extremely large message. Is there a fundamental reason the agent has the same limitation as syslog for communication? Thanks for any responses!!! -Brent -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
