
[ossec-list] Re: Cisco log sample



Hi Rick,

Thanks for the log sample. Do you have a few more entries to share?
(maybe one accept at least). With more entries we can write a decoder
for them...

Regarding the wiki, I closed editing by default (because of spam) and
to get editing access you need to follow the instructions at:

http://www.ossec.net/wiki/index.php?title=Special:Userlogin

"
PLEASE NOTE:
To avoid spam in our Wiki, you will not be able to edit any page
until you send an e-mail to wiki at ossec.net with your account name
and the message "Register to the Wiki" at the subject.
"

Thanks,

--
Daniel B. Cid
dcid ( at ) ossec.net


On 7/10/07, McClinton, Rick <rmcclinton@xxxxxxxxxxxxxxxx> wrote:
>
> I'm sorry, but I can't locate the instructions to unlock editing for my wiki
> account.
>
> I've implemented syslog from one of my routers, and some packets are being
> blocked by its access control lists. Ossec is emailing me at level 7,
> unknown problem somewhere in the system. I'm using regular syslog – I tried
> ossec syslog, but I could not find where it was storing the log after
> receiving and processing it. If Ossec could receive syslog from multiple
> hosts, and store normal syslog files separated by host, I'd be chuffed; but
> I'm OK with using normal syslog for now. Here's what the Cisco is sending:
>
> Jul 10 16:07:14 cisco2621 636: .Jul 10 15:58:56.590 EDT: %SEC-6-IPACCESSLOGP: list 102 denied tcp 10.0.6.56(3067) -> 172.36.4.7(139), 1 packet
>
> Please take this as a log sample, and thanks again for Ossec.
>
>  --
>  Rick McClinton
>  Sr. Systems Engineer
>  Tel: (703) 564-5241
>  Fax: (703) 564-4415
>  Cell: (703) 380-4687
>  Email: rmcclinton@xxxxxxxxxxxxxxxx
>
> TMA Resources, Inc
>  1919 Gallows Road, Ste #400 | Vienna, VA | 22182
>  http://www.tmaresources.com
>
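
The field extraction a decoder for the log line in this thread has to perform, as an added Python example (it is not OSSEC's decoder and not code from either poster). Only the first sample line comes from the thread; the other three, including the `permitted` form, are constructed, and the function names are hypothetical.

```python
import re

IP = r"\d{1,3}(?:\.\d{1,3}){3}"
# Body of the router message. search() is used so the relay's syslog header
# and the router's own ".Jul 10 15:58:56.590 EDT:" timestamp are skipped.
ACL_RE = re.compile(
    r"%SEC-6-IPACCESSLOGP: list (?P<acl>\S+) (?P<action>denied|permitted) "
    r"(?P<proto>\S+) (?P<src_ip>" + IP + r")\((?P<src_port>\d+)\) -> "
    r"(?P<dst_ip>" + IP + r")\((?P<dst_port>\d+)\), (?P<packets>\d+) packets?"
)
# Header added by the receiving syslog daemon: time, reporting host, and a
# number (assumed here to be a per-message counter).
HDR_RE = re.compile(r"^\w{3} +\d+ [\d:]{8} (?P<host>\S+) \d+: ")


def parse_acl_line(line):
    """Return the decoded fields as a dict, or None for any other line."""
    body = ACL_RE.search(line)
    if body is None:
        return None
    event = body.groupdict()
    for key in ("src_port", "dst_port", "packets"):
        event[key] = int(event[key])
    hdr = HDR_RE.match(line)
    event["host"] = hdr.group("host") if hdr else None
    return event


def denied_by_source(lines):
    """Sum denied packet counts per source IP; unrelated lines are ignored."""
    totals = {}
    for event in filter(None, map(parse_acl_line, lines)):
        if event["action"] == "denied":
            totals[event["src_ip"]] = totals.get(event["src_ip"], 0) + event["packets"]
    return totals


SAMPLE = [
    # Line 1 is the sample from the thread; lines 2-4 are constructed.
    "Jul 10 16:07:14 cisco2621 636: .Jul 10 15:58:56.590 EDT: %SEC-6-IPACCESSLOGP: list 102 denied tcp 10.0.6.56(3067) -> 172.36.4.7(139), 1 packet",
    "Jul 10 16:07:15 cisco2621 637: .Jul 10 15:58:57.102 EDT: %SEC-6-IPACCESSLOGP: list 102 permitted tcp 10.0.6.56(3068) -> 172.36.4.7(80), 1 packet",
    "Jul 10 16:12:15 cisco2621 638: .Jul 10 16:03:57.590 EDT: %SEC-6-IPACCESSLOGP: list 102 denied tcp 10.0.6.56(3067) -> 172.36.4.7(139), 4 packets",
    "Jul 10 16:12:20 cisco2621 639: .Jul 10 16:04:02.001 EDT: %SYS-5-CONFIG_I: Configured from console by vty0",
]

if __name__ == "__main__":
    for entry in SAMPLE:
        print(parse_acl_line(entry))
    print(denied_by_source(SAMPLE))
```
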




OSSEC project: www.ossec.net.
Mailing list information: http://www.ossec.net/en/mailing_lists.html.