[ossec-list] Re: average number of logs alerts
- To: ossec-list@xxxxxxxxxxxxxxxx
- Subject: [ossec-list] Re: average number of logs alerts
- From: "Erik Delfgaauw" <erik.delfgaauw@xxxxxxxxx>
- Date: Wed, 20 Jun 2007 19:57:22 +0200
Hi Steve,
You shouldn't be concerned regarding OSSEC. It's a warning that there is more going on on your systems than normal, about which you SHOULD be concerned ;-)
Go through your logs to find out what is out of the ordinary, and ask yourself questions like: "Did Marketing just launch a new campaign which is causing more publicity and therefore more hits on our web servers?" or: "Did somebody do an article about us?" Etc.
(heck, you could even be Slashdotted as we speak ;-)
Cheers,
Erik
2007/6/19, Steve West <stevewest15@xxxxxxxxx>:
ossec v 1.2
Hi,
Should I be concerned w/ ossec alerts about "The average number of logs
between 14:00 and 15:00 is 25326. We reached 32925."? I'm getting these
several times a day from a number of our linux ossec agents and I just
want to know if I should be concerned or if it has a negative impact on
ossec?
thx,
SW
OSSEC project: www.ossec.net.
Mailing list information: http://www.ossec.net/en/mailing_lists.html.