On Wed, Oct 3, 2018 at 1:03 AM Chinmay Pandya <[email protected]> wrote:
>
> So far what I have seen is, only alert id "5706" has a blank message and only
> if the output is in JSON format.
>

But are there blank lines between the full logs and (in this case) the "Src IP"?

> On Tuesday, October 2, 2018 at 4:29:37 PM UTC+5:30, dan (ddpbsd) wrote:
>>
>> On Wed, Sep 19, 2018 at 1:34 AM Chinmay Pandya
>> <[email protected]> wrote:
>> >
>> > This is the alert from alert.log file
>> >
>> > ** Alert 1536818415.3348561390: - syslog,sshd,recon,
>> > 2018 Sep 13 06:00:15 east1001->10.88.10.114
>> > Rule: 5706 (level 6) -> 'SSH insecure connection attempt (scan).'
>> > Src IP: 10.14.158.11
>> >
>> >
>> > Sep 13 06:00:15 east1001 sshd[14453]: Did not receive identification
>> > string from 10.14.158.11
>> >
>>
>> Do all of your alerts have blank lines between the full log message
>> and the previous information or just the ones
>> with the missing messages in the json alerts?
>> The blank lines I see in my alerts.log are between alert entries.
>
> --
>
> ---
> You received this message because you are subscribed to the Google Groups
> "ossec-list" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to [email protected].
> For more options, visit https://groups.google.com/d/optout.
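The exchange above turns on how an alerts.log record is cut into fields: the rule 5706 record has two blank lines between the `Src IP:` line and the raw sshd log, and dan's question is whether that gap is what leaves the JSON message empty. The following Python script is an added example, not OSSEC's own code or anything posted in the thread. It parses alerts.log records by splitting on the `** Alert` header rather than on blank lines, and it also offers a `stop_at_blank` mode that treats the first blank line as the end of a record, which reproduces the symptom described (empty `full_log` only for the record with the gap). The sample input embeds the 5706 record from the thread, with its wrapped log line rejoined, plus a second, constructed record (rule 5716 and the 192.0.2.10 address are made up for the example) where the log line follows the header directly.

```python
import json
import re

# Constructed sample of two alerts.log records. The first is the rule 5706
# record from the thread (two blank lines before the raw log line); the
# second is a constructed "normal" record with no gap before the log line.
SAMPLE_ALERTS_LOG = """\
** Alert 1536818415.3348561390: - syslog,sshd,recon,
2018 Sep 13 06:00:15 east1001->10.88.10.114
Rule: 5706 (level 6) -> 'SSH insecure connection attempt (scan).'
Src IP: 10.14.158.11


Sep 13 06:00:15 east1001 sshd[14453]: Did not receive identification string from 10.14.158.11

** Alert 1536818420.3348561500: - syslog,sshd,authentication_failed,
2018 Sep 13 06:00:20 east1001->10.88.10.114
Rule: 5716 (level 5) -> 'SSHD authentication failed.'
Src IP: 192.0.2.10
Sep 13 06:00:20 east1001 sshd[14460]: Failed password for invalid user test from 192.0.2.10 port 4022 ssh2

"""

# Field layouts of the alerts.log header lines (assumed from the sample above).
HEADER_RE = re.compile(r"^\*\* Alert (?P<id>\d+\.\d+): (?:mail\s+)?- (?P<groups>.*)$")
TIME_RE = re.compile(r"^(?P<timestamp>\d{4} \w{3} \d{1,2} \d{2}:\d{2}:\d{2}) (?P<location>.+)$")
RULE_RE = re.compile(r"^Rule: (?P<rule>\d+) \(level (?P<level>\d+)\) -> '(?P<description>.*)'$")
FIELD_RE = re.compile(r"^(?P<name>Src IP|Dst IP|Src Port|Dst Port|User): (?P<value>.*)$")


def split_records(text):
    """Split alerts.log text into records, one per '** Alert' header line.

    Splitting on the header marker instead of on blank lines keeps a record
    intact even when blank lines appear inside it.
    """
    parts = re.split(r"(?m)^(?=\*\* Alert )", text)
    return [p.strip("\n") for p in parts if p.strip()]


def parse_record(record, stop_at_blank=False):
    """Turn one record into a dict resembling a JSON alert.

    With stop_at_blank=True the record is truncated at its first blank line,
    which illustrates how a blank-line-delimited reader would lose the raw
    log of the 5706 record while keeping it for records without the gap.
    """
    lines = record.split("\n")
    if stop_at_blank:
        cut = []
        for line in lines:
            if not line.strip():
                break
            cut.append(line)
        lines = cut

    alert = {}
    body = []  # every non-header line is part of the raw log message
    for line in lines:
        if not line.strip():
            continue
        m = HEADER_RE.match(line)
        if m:
            alert["id"] = m["id"]
            alert["groups"] = [g for g in m["groups"].split(",") if g]
            continue
        m = TIME_RE.match(line)
        if m and "timestamp" not in alert:
            alert["timestamp"] = m["timestamp"]
            alert["location"] = m["location"]
            continue
        m = RULE_RE.match(line)
        if m:
            alert["rule"] = int(m["rule"])
            alert["level"] = int(m["level"])
            alert["description"] = m["description"]
            continue
        m = FIELD_RE.match(line)
        if m:
            alert[m["name"].lower().replace(" ", "")] = m["value"]
            continue
        body.append(line)
    alert["full_log"] = "\n".join(body)
    return alert


def parse_alerts_log(text, stop_at_blank=False):
    """Parse a whole alerts.log text into a list of alert dicts."""
    return [parse_record(r, stop_at_blank) for r in split_records(text)]


def to_json(alerts):
    """Serialise parsed alerts the way a JSON alert output would."""
    return json.dumps(alerts, indent=2)


if __name__ == "__main__":
    print("header-delimited parse:")
    print(to_json(parse_alerts_log(SAMPLE_ALERTS_LOG)))
    print("blank-line-delimited parse (reproduces the empty message):")
    print(to_json(parse_alerts_log(SAMPLE_ALERTS_LOG, stop_at_blank=True)))
```

Running the script prints both parses: in the header-delimited one every record carries its `full_log`, while in the blank-line-delimited one only the 5706 record ends up with an empty `full_log`, which is the pattern dan asks Chinmay to check for in his own alerts.log.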
