On Fri, Sep 14, 2018 at 6:12 AM Chinmay Pandya <[email protected]> wrote:
>
> I have set ossec to forward alerts in JSON format to my alerting server.
>
> But sometimes I am getting blank message object in json.
>
> Here is a sample log
>
> ossec-box ossec: {"crit":6,"id":5706,"component":"east1001->10.88.10.114","classification":" syslog,sshd,recon,","description":"SSH insecure connection attempt (scan).","message":"","src_ip":"10.14.158.11"}
>
> It mostly happens with ssh related alert.

What's usually in that field, the full log?

> Any clue where should I see for error cause I am not getting any errors in
> ossec logs.
