[ossec-list] Re: OSSEC error message blows up log file
John,
Daniel will be able to explain further I'm sure. It appears there
are null string (missing) names in your integrity database. Those
messages look like warnings rather than serious errors (the testing
just moves on to the next entry). In my case, when I start to see
those, I stop ossec, delete the databases and let ossec rebuild
them. I'm sure that's not the best way to deal with the issue
though....
-David
John Whittington wrote:
> Hi – I'm pretty new to OSSEC, please bear with me:
> I recently set up OSSEC-HIDS to manage several RHEL machines – our
> organization's web servers. One machine was set up as the server with 13
> agents. I configured them with the install script and pretty quickly
> seemed to get them up and running. I am having two problems, one of
> which concerns false positives, but I'll post that to a different thread.
> My immediate problem is this: in the past week I've been getting the
> following error showing up in log/ossec.log:
>
> ossec-analysisd: Invalid integrity message in the database.
>
> When it returns this error, it does so many times over; typically > 500
> times in the last three days, but on Friday it wrote this error 668,072
> times. Needless to say our ossec.log file has suddenly gotten rather
> large. I've restarted OSSEC on the server a few times now without it
> seeming to make any difference.
>
> Can anyone tell me what this error means? I only found one page on the
> OSSEC site that mentions it specifically, and it was a thread from the
> dev mailing list. Unfortunately I'm no C programmer. FWIW OSSEC itself
> seems to keep working fine, and still alerts us to events like new users
> logging in or changes to system files. Any feedback would be
> appreciated; I can send more detailed info as requested.
> Thanks – John
--
_______________________________________________
GPG (http://www.gnupg.org/) key available from:
http://www.kayakero.net/per/david/
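The reply above attributes the message to integrity-database entries with missing names. The following is an added example, not part of the original thread and not OSSEC code, that lists such entries so they can be inspected before the database is deleted. The record layout, the function name `find_nameless_records` and the `SAMPLE` data are assumptions made for illustration; the thread does not describe the database format.

```python
"""Added example: locate integrity-database records that have no file name.

Assumed record layout (not given in the thread), one record per line:
    <attributes> [!<timestamp>] <file name>
"""
import sys
from typing import Iterable, List, Tuple


def find_nameless_records(lines: Iterable[bytes]) -> List[Tuple[int, str]]:
    """Return (line_number, reason) for every record without a usable name."""
    bad = []
    for lineno, raw in enumerate(lines, start=1):
        line = raw.rstrip(b"\r\n")
        if not line:
            continue  # blank line, not a record
        _attrs, sep, rest = line.partition(b" ")
        if not sep:
            bad.append((lineno, "no name field"))
            continue
        if rest.startswith(b"!"):
            # Optional timestamp field: the name follows the next space.
            _, sep, rest = rest.partition(b" ")
            if not sep:
                bad.append((lineno, "timestamp but no name field"))
                continue
        if not rest.strip():
            bad.append((lineno, "empty name"))
    return bad


# Constructed sample records, not taken from a real database.
SAMPLE = [
    b"+++1781:33188:0:0:aaaa:bbbb !1185900000 /etc/hosts\n",
    b"+++1781:33188:0:0:aaaa:bbbb\n",                  # nothing after attributes
    b"+++512:33188:0:0:cccc:dddd !1185900000\n",       # timestamp, no name
    b"\n",                                             # blank line, skipped
    b"+++512:33188:0:0:cccc:dddd !1185900000  \n",     # whitespace-only name
    b"+++90:33188:0:0:eeee:ffff /etc/my file.conf\n",  # name containing a space
]

if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:  # bytes: names may not be UTF-8
            findings = find_nameless_records(fh)
    else:
        findings = find_nameless_records(SAMPLE)
    for lineno, reason in findings:
        print(f"line {lineno}: {reason}")
```

Run it against a copy of a database file while OSSEC is stopped, so the file is not being rewritten during the scan.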
OSSEC project: www.ossec.net.
Mailing list information: http://www.ossec.net/en/mailing_lists.html.