I know this is an old thread but when I Googled, this was the top result,
so I figured it would be okay to continue the discussion here.
I just received this today:
OSSEC HIDS Notification.
> 2019 Apr 04 12:31:45
>
> Received From: server->ossec-keepalive
> Rule: 1002 fired (level 2) -> "Unknown
On 2014-06-13 4:56, Gary Mason wrote:
I used to get this on 2.6 and still get them on 2.7.1
Presumably the snapshots in 2010 didn't have a full fix.
Would like to know the implications of this - is it really a bug that
can be ignored or is there something else going on under the surface?
Speakin
On Fri, Jun 13, 2014 at 5:56 AM, Gary Mason wrote:
> I used to get this on 2.6 and still get them on 2.7.1
> Presumably the snapshots in 2010 didn't have a full fix.
> Would like to know the implications of this - is it really a bug that can be
> ignored or is there something else going on under t
I used to get this on 2.6 and still get them on 2.7.1
Presumably the snapshots in 2010 didn't have a full fix.
Would like to know the implications of this - is it really a bug that can
be ignored or is there something else going on under the surface?
Speaking as an admin of PCI-compliant systems
All,
I'm getting this alert also in 2.7.1. I tried writing a rule to filter
them, but it caused remoted to not want to work properly. I'd welcome a
hack at this point, if not a proper fix.
--Josh
On Thu, Mar 13, 2014 at 4:37 AM, Bib Kam wrote:
> Hello,
>
> I'm using OSSEC 2.7 but i get stil
Hello,
I'm using OSSEC 2.7 but I still get this alert!!
Please, how do I resolve this issue?
Thank you in advance
On Friday, December 3, 2010 1:21:23 AM UTC+1, Daniel Cid wrote:
>
> Yes, a bug on OSSEC. These messages are randomly generated and should not
> reach
> analysisd.
>
> Been fixed on t
Yes, a bug on OSSEC. These messages are randomly generated and should not reach
analysisd.
Been fixed on the latest snapshot: http://www.ossec.net/files/snapshots/
thanks,
On Thu, Dec 2, 2010 at 6:32 PM, dan (ddp) wrote:
> On Thu, Dec 2, 2010 at 4:52 PM, loyd.darby wrote:
>> That leaves only a
On Thu, Dec 2, 2010 at 4:52 PM, loyd.darby wrote:
> That leaves only a memory / buffer overflow kind of error. If it only
> happened once I would not sweat it.
> It is also "possible" that the log data got corrupted in transit (look at
> netstat -s for host and client interfaces)
> If it repeats
That leaves only a memory / buffer overflow kind of error. If it only
happened once I would not sweat it.
It is also "possible" that the log data got corrupted in transit (look
at netstat -s for host and client interfaces)
If it repeats, then I would relook at the logs, possibly with a
differe
I don't find this log entry in any of my logs. That means that there was
no syslog message with this text. Smart didn't detect anything strange
either.
Andre Pawlowski
---
Poor is the pupil who does not surpass his master.
-
It means that a syslog message had one of these words in it:
core_dumped|failure|error|attack|bad |illegal |denied|refused|unauthorized|fatal|failed|Segmentation Fault|Corrupted
MARK and the string of characters is actually part of the message and it
is likely a disk error.
It definitely should
On Thu, Dec 2, 2010 at 11:27 AM, Andre Pawlowski wrote:
> Hi list,
>
> I've got a strange error message from my ossec server that I don't
> understand:
>
> OSSEC HIDS Notification.
> 2010 Dec 02 09:48:40
>
> Received From: kokyt0s->ossec-keepalive
> Rule: 1002 fired (level 2) -> "Unknown problem s
Hi list,
I've got a strange error message from my ossec server that I don't
understand:
OSSEC HIDS Notification.
2010 Dec 02 09:48:40
Received From: kokyt0s->ossec-keepalive
Rule: 1002 fired (level 2) -> "Unknown problem somewhere in the system."
Portion of the log(s):
--MARK--:
&pQSW__BPa5S?%t
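
An added example, not part of any post in this thread and not OSSEC's own code: a small triage helper that parses a notification in the format shown above and separates rule 1002 hits on `ossec-keepalive` `--MARK--:` payloads from hits on real log lines. The function name `triage`, the verdict labels, both sample notifications (constructed), and the use of case-insensitive substring matching for the word list quoted in the thread are assumptions.

```python
import re

# Word list as quoted in the thread for rule 1002. Matching it as a
# case-insensitive substring test is an assumption of this sketch.
BAD_WORDS = ["core_dumped", "failure", "error", "attack", "bad ", "illegal ",
             "denied", "refused", "unauthorized", "fatal", "failed",
             "Segmentation Fault", "Corrupted"]

HEADER = re.compile(r"Received From: (?P<agent>.+?)->(?P<source>\S+)")
RULE = re.compile(r"Rule: (?P<id>\d+) fired \(level (?P<level>\d+)\)")

# Constructed sample notifications (hosts, times and payloads are made up).
KEEPALIVE = (
    "OSSEC HIDS Notification.\n2019 Jan 01 00:00:00\n\n"
    "Received From: host1->ossec-keepalive\n"
    'Rule: 1002 fired (level 2) -> "Unknown problem somewhere in the system."\n'
    "Portion of the log(s):\n\n--MARK--: x9$fatalQ7_p\n")
SYSLOG = (
    "OSSEC HIDS Notification.\n2019 Jan 01 00:00:05\n\n"
    "Received From: (web01) 192.0.2.10->/var/log/messages\n"
    'Rule: 1002 fired (level 2) -> "Unknown problem somewhere in the system."\n'
    "Portion of the log(s):\n\nJan  1 00:00:05 web01 app[123]: Segmentation Fault\n")


def triage(notification):
    """Parse one OSSEC e-mail notification and classify a rule 1002 hit."""
    header = HEADER.search(notification)
    rule = RULE.search(notification)
    if not header or not rule:
        return {"verdict": "unparsed"}
    # Everything after the "Portion of the log(s):" marker is the logged text.
    log = notification.partition("Portion of the log(s):")[2].strip()
    hits = [w for w in BAD_WORDS if w.lower() in log.lower()]
    keepalive = (header["source"] == "ossec-keepalive"
                 and log.startswith("--MARK--:"))
    if rule["id"] != "1002":
        verdict = "other-rule"
    elif keepalive:
        # Keepalive payload (described in the thread as randomly generated),
        # so there is no matching syslog line to look for on the host.
        verdict = "keepalive-noise"
    else:
        verdict = "review"
    return {"agent": header["agent"], "source": header["source"],
            "rule": int(rule["id"]), "hits": hits, "verdict": verdict}
```
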