[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Ossec-list] OSSEC Hids Notification - Alert level 7

Subject: [Ossec-list] OSSEC Hids Notification - Alert level 7
From: kayvan at sylvan.com (Kayvan A. Sylvan)
Date: Wed, 17 May 2006 12:04:43 -0700

Hi!

I'm running the latest OSSEC.

I get lots of these log messages. What's the recommended way of
customizing the ruleset so that these types of log messages
are ignored?

Thanks.

On Wed, May 17, 2006 at 11:49:09AM -0700, OSSEC HIDS wrote:
> OSSEC HIDS Notification.
> 2006 May 17 11:48:57
> 
> Received From: /var/log/messages
> Rule: 102 fired (level 7) -> "Unknown problem somewhere in the system.'"
> Portion of the log(s):
> 
> smbd[12252]:   getpeername failed. Error was Transport endpoint is not connected 
> 
> 
> 
>  --END OF NOTIFICATION
> 
> 
> 
> OSSEC HIDS Notification.
> 2006 May 17 11:48:57
> 
> Received From: /var/log/messages
> Rule: 102 fired (level 7) -> "Unknown problem somewhere in the system.'"
> Portion of the log(s):
> 
> smbd[12252]:   Denied connection from  (0.0.0.0) 
> 
> 
> 
>  --END OF NOTIFICATION
> 
> 
> 
> OSSEC HIDS Notification.
> 2006 May 17 11:48:57
> 
> Received From: /var/log/messages
> Rule: 102 fired (level 7) -> "Unknown problem somewhere in the system.'"
> Portion of the log(s):
> 
> smbd[12252]:   getpeername failed. Error was Transport endpoint is not connected 
> 
> 
> 
>  --END OF NOTIFICATION
> 
> 
> 
> OSSEC HIDS Notification.
> 2006 May 17 11:48:57
> 
> Received From: /var/log/messages
> Rule: 102 fired (level 7) -> "Unknown problem somewhere in the system.'"
> Portion of the log(s):
> 
> smbd[12252]:   Connection denied from 0.0.0.0 
> 
> 
> 
>  --END OF NOTIFICATION
> 
> 
> 
> OSSEC HIDS Notification.
> 2006 May 17 11:48:57
> 
> Received From: /var/log/messages
> Rule: 102 fired (level 7) -> "Unknown problem somewhere in the system.'"
> Portion of the log(s):
> 
> smbd[12252]:   write_socket_data: write failure. Error = Connection reset by peer 
> 
> 
> 
>  --END OF NOTIFICATION
> 
> 
> 
> OSSEC HIDS Notification.
> 2006 May 17 11:48:57
> 
> Received From: /var/log/messages
> Rule: 102 fired (level 7) -> "Unknown problem somewhere in the system.'"
> Portion of the log(s):
> 
> smbd[12252]:   write_socket: Error writing 5 bytes to socket 5: ERRNO = Connection reset by peer 
> 
> 
> 
>  --END OF NOTIFICATION
> 
> 
> 
> OSSEC HIDS Notification.
> 2006 May 17 11:48:57
> 
> Received From: /var/log/messages
> Rule: 102 fired (level 7) -> "Unknown problem somewhere in the system.'"
> Portion of the log(s):
> 
> smbd[12252]:   Error writing 5 bytes to client. -1. (Connection reset by peer) 
> 
> 
> 
>  --END OF NOTIFICATION
> 
> 
>

Follow-Ups:
- [Ossec-list] OSSEC Hids Notification - Alert level 7
  - From: Daniel Cid

Prev by Date: [Ossec-list] ossec-list Digest, Vol 7, Issue 9
Next by Date: [Ossec-list] OSSEC Hids Notification - Alert level 7
Previous by thread: [Ossec-list] installing ossec in a Zone (Solaris 10, SPARC)
Next by thread: [Ossec-list] OSSEC Hids Notification - Alert level 7
Index(es):
- Date
- Thread

OSSEC home | Main Index | Thread Index

OSSEC project: www.ossec.net.
Mailling list information: http://www.ossec.net/en/mailing_lists.html.