[ossec-list] Still getting those smbd alerts I am trying to ignore
- To: OSSEC Users List <ossec-list@xxxxxxxxxxxxxxxx>
- Subject: [ossec-list] Still getting those smbd alerts I am trying to ignore
- From: "Kayvan A. Sylvan" <kayvan@xxxxxxxxxx>
- Date: Sat, 17 Feb 2007 10:16:56 -0800

I'm still getting the following alerts:

OSSEC HIDS Notification.
2007 Feb 17 09:53:08

Received From: satyr->/var/log/messages
Rule: 1002 fired (level 7) -> "Unknown problem somewhere in the system."
Portion of the log(s):

Feb 17 09:53:08 satyr smbd[14256]: Denied connection from (0.0.0.0)

OSSEC HIDS Notification.
2007 Feb 17 09:53:08

Received From: satyr->/var/log/messages
Rule: 1002 fired (level 7) -> "Unknown problem somewhere in the system."
Portion of the log(s):

Feb 17 09:53:08 satyr smbd[14256]: Connection denied from 0.0.0.0

My local_rules.xml contains these snippets:

<rule id="100070" level="0">
  <if_sid>1002</if_sid>
  <program_name>smbd</program_name>
  <regex>^\s*Denied connection from (0.0.0.0)</regex>
  <description>Ignoring smbd denied connection from</description>
</rule>

<rule id="100080" level="0">
  <if_sid>1002</if_sid>
  <program_name>smbd</program_name>
  <regex>^\s*Connection denied from (0.0.0.0)</regex>
  <description>Ignoring smbd denied connection from</description>
</rule>

--
Kayvan A. Sylvan | Proud husband of | Father to my kids:
Sylvan Associates, Inc. | Laura Isabella Sylvan, | Katherine Yelena (8/8/89)
http://sylvan.com/~kayvan | my beautiful Queen. | Robin Gregory (2/28/92)
OSSEC project: www.ossec.net.
Mailing list information: http://www.ossec.net/en/mailing_lists.html.