
[ossec-list] Re: ossec was finished work unexpectedly



Thanks Daniel,

It may be true. DNS server couldn't output IP of SMTP server.

But all of ossec modules were unloaded from memory. It's stopped.

Aleksander.

> -----Original Message-----
> From: Daniel Cid [mailto:daniel.cid@xxxxxxxxx]
> Sent: Tuesday, June 20, 2006 2:07 AM
> To: Oleksander Panchuk
> Cc: Peter Ahlert; ossec-list@xxxxxxxxx
> Subject: Re: [Ossec-list] ossec was finished work unexpectedly
> 
> Hi Oleksander,
> 
> There are two problems there. The first one is regarding the mod_security
> logs. Looks like mod_security does not print the log "atomically", so when
> ossec tries to read the log, it may get "unlucky" and only see parts of the
> message (without the end of line). This is the reason for these first
> messages and it will not cause any problem on ossec, just this boring error
> message that I will remove for the next version :)
> 
> The second error should only happen when you start ossec and it can't
> find the IP address of your smtp server. Did you restart ossec at that
> time? Does this box have DNS configured properly? If it does not, you will
> need to provide the smtp server IP address instead of the hostname.
> 
> Hope it helps..
> 
> Thanks,
> 
> --
> Daniel B. Cid
> dcid @ ( at ) ossec.net
> 
> On 6/19/06, Oleksander Panchuk <oleksander.panchuk@xxxxxxxxxxx> wrote:
> > Hi,
> >
> > One problem still exists.
> > Part of ossec.log is below:
> > 2006/06/15 10:35:48 ossec-logcollector(1950): Analyzing file: '/var/log/squid/access.log'.
> > 2006/06/15 10:35:48 ossec-logcollector: Started (pid: 2372).
> > 2006/06/15 18:27:36 incorrect message: 'Authorization: Negotiate YIIQegYGKwYBBQUCoIIQbjCCEG
> > 2006/06/15 18:27:37 incorrect message: 'mod_security-message: Access denied with code 406.
> > 2006/06/15 18:27:37 incorrect message: ''
> > 2006/06/15 18:27:37 incorrect message: 'Content-Length: 328'
> > 2006/06/15 18:27:37 incorrect message: 'Content-Type: text/html; charset=iso-8859-1'
> > 2006/06/15 18:27:37 incorrect message: ''
> > 2006/06/16 04:02:49 incorrect message: 'dflo-66-243-230-163.gtcom.net - - [16/Jun/2006:04:0
> > 2006/06/16 04:02:49 incorrect message: 'dflo-66-243-230-163.gtcom.net - - [16/Jun/2006:04:0
> > 2006/06/16 06:22:24 incorrect message: '[Fri Jun 16 06:22:24 2006] [error] [client 58.69.89
> > 2006/06/16 12:01:00 incorrect message: 'lj2022.inktomisearch.com - - [16/Jun/2006:12:01:00
> > 2006/06/16 12:32:43 incorrect message: 'Authorization: Negotiate YIIQegYGKwYBBQUCoIIQbjCCEG
> > 2006/06/16 12:32:43 incorrect message: 'mod_security-message: Access denied with code 406.
> > 2006/06/16 12:32:43 incorrect message: ''
> > 2006/06/16 12:32:43 incorrect message: 'Content-Length: 328'
> > 2006/06/16 12:32:43 incorrect message: 'Content-Type: text/html; charset=iso-8859-1'
> > 2006/06/16 12:32:43 incorrect message: ''
> > 2006/06/16 13:24:37 incorrect message: 'lj2390.inktomisearch.com - - [16/Jun/2006:13:24:37
> > 2006/06/16 18:05:29 incorrect message: 'dsl54007d20.pool.t-online.hu - - [16/Jun/2006:18:05
> > 2006/06/16 23:30:03 incorrect message: 'Authorization: Negotiate YIIQegYGKwYBBQUCoIIQbjCCEG
> > 2006/06/16 23:30:03 incorrect message: 'mod_security-message: Access denied with code 406.
> > 2006/06/16 23:30:03 incorrect message: ''
> > 2006/06/16 23:30:03 incorrect message: 'Content-Length: 328'
> > 2006/06/16 23:30:03 incorrect message: 'Content-Type: text/html; charset=iso-8859-1'
> > 2006/06/16 23:30:03 incorrect message: ''
> > 2006/06/17 14:17:00 ossec-maild(1501): Invalid SMTP Server: ns1.cbn-cis.net.
> > 2006/06/17 14:17:00 ossec-maild(1202): Configuration problem. Exiting.
> > 2006/06/17 14:17:00 ossec-maild(1202): Configuration problem. Exiting.
> > 2006/06/19 14:29:34 ossec-maild: Started (pid: 6824).
> > 2006/06/19 14:29:34 ossec-execd: Started (pid: 6829).
> > 2006/06/19 14:29:34 ossec-analysisd: Reading rules file: 'rules_config.xml'
> > 2006/06/19 14:29:34 ossec-analysisd: Reading rules file: 'pam_rules.xml'
> > Best regards,
> > Aleksander.
> >
> >
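
The partial-read problem described in the quoted reply above, as an added C example (not code from this thread or from OSSEC): a poller that delivers only newline-terminated lines and rewinds over an unfinished one so it is re-read whole on the next poll. The names `read_complete_lines`, `keep_last` and `demo`, the temp-file path and the two-part sample record are constructed for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

typedef void (*line_cb)(const char *line, void *ctx);
/* Deliver only complete lines appended to fp since the last poll. A trailing
 * fragment with no '\n' (writer is mid-record) is left for the next poll by
 * rewinding to its start. Returns the number of lines delivered. */
int read_complete_lines(FILE *fp, line_cb cb, void *ctx)
{
    char buf[2048];
    long start;
    int c, n = 0;
    clearerr(fp);                            /* drop EOF left by the last poll */
    while ((start = ftell(fp)) >= 0 && fgets(buf, sizeof buf, fp)) {
        size_t len = strlen(buf);
        if (len > 0 && buf[len - 1] == '\n') {
            buf[len - 1] = '\0';
        } else if (len == sizeof buf - 1) {  /* over-long: truncate, skip tail */
            while ((c = fgetc(fp)) != EOF && c != '\n') { }
        } else {                             /* fragment: retry on next poll */
            fseek(fp, start, SEEK_SET);
            break;
        }
        cb(buf, ctx);
        n++;
    }
    return n;
}

static void keep_last(const char *line, void *ctx) { snprintf(ctx, 256, "%s", line); }
/* Constructed demo: one record written in two write() calls with a poll in
 * between. Returns lines seen by the second poll; *first gets the first's. */
int demo(char last[256], int *first)
{
    char path[] = "/tmp/partial-XXXXXX";
    const char *a = "mod_security-message: Access", *b = " denied with code 406.\n";
    int second, fd = mkstemp(path);
    FILE *rd = fd < 0 ? NULL : fopen(path, "r");
    last[0] = '\0';
    if (!rd || write(fd, a, strlen(a)) < 0) return -1;
    *first = read_complete_lines(rd, keep_last, last);
    if (write(fd, b, strlen(b)) < 0) return -1;
    second = read_complete_lines(rd, keep_last, last);
    fclose(rd); close(fd); unlink(path);
    return second;
}
int main(void) { char l[256]; int f = -1, s = demo(l, &f); printf("%d %d '%s'\n", f, s, l); return 0; }
```
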




OSSEC project: www.ossec.net.
Mailing list information: http://www.ossec.net/en/mailing_lists.html.