[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[ossec-list] Rule 11 - excessive number of connections

To: ossec-list@xxxxxxxxxxxxxxxx
Subject: [ossec-list] Rule 11 - excessive number of connections
From: Lars Scheithauer <larsscheithauer@xxxxxxxxxxxxxx>
Date: Fri, 16 Jun 2006 17:34:47 +0200
Content-transfer-encoding: quoted-printable
Organization: mindcluster.org

Good Day, Everyone!

I'm running a low-profile-webserver, where the connections are pretty jumpy 
(100 more or fewer connections matters more if that's all you'll get in a day 
or if you get those every second), therefore I'm getting a lot of these 
messages:

=============snipsnip============
Received From: /var/log/apache2/access.log
Rule: 11 fired (level 8) -> "Excessive number of connections during this 
hour."
Portion of the log(s):

 The average number of logs between 17:00 and 18:00 is 73. We reached 124.'
No Log Available (HOURLY_STATS)
=============snipsnip============

I'd like to tune that rule a bit, but I can't find a rule 11. Anyone knows 
where that one is defined?

Have a nice weekend,
Lars

--~--~---------~--~----~------------~-------~--~----~
-~----------~----~----~----~------~----~------~--~---

Follow-Ups:
- [ossec-list] Re: Rule 11 - excessive number of connections
  - From: Daniel Cid

Prev by Date: [ossec-list] Re: Is Active Response on "client" machine possible?
Next by Date: [ossec-list] problems with 'which' test for executables
Previous by thread: [ossec-list] Re: Is Active Response on "client" machine possible?
Next by thread: [ossec-list] Re: Rule 11 - excessive number of connections
Index(es):
- Date
- Thread

OSSEC home | Main Index | Thread Index

OSSEC project: www.ossec.net.
Mailling list information: http://www.ossec.net/en/mailing_lists.html.