ossec.de

Securing a root server with a host-based intrusion detection system

OSSEC alert e-mail examples

OSSEC HIDS Notification.
2008 Jun 19 00:44:45

Received From: (serverXXX) XX.XX.XX.XX->/var/log/syslog
Rule: 1002 fired (level 2) -> "Unknown problem somewhere in the system."
Portion of the log(s):

Jun 19 00:44:40 serverXXX named[18546]: client XX.XX.XX.XX#54099: query (cache) 'XXX.com/A/IN' denied

--END OF NOTIFICATION



OSSEC HIDS Notification.
2008 Jun 18 13:37:47

Received From: serverXXX->/var/log/auth.log
Rule: 5720 fired (level 10) -> "Multiple SSHD authentication failures."
Portion of the log(s):

Jun 18 13:37:46 server1 sshd[24131]: Failed password for root from XX.XX.XX.XX port 48315 ssh2
Jun 18 13:37:43 server1 sshd[24129]: Failed password for root from XX.XX.XX.XX port 48003 ssh2
Jun 18 13:37:41 server1 sshd[24125]: Failed password for root from XX.XX.XX.XX port 47235 ssh2
Jun 18 13:37:33 server1 sshd[24121]: Failed password for root from XX.XX.XX.XX port 46580 ssh2
Jun 18 13:37:26 server1 sshd[24119]: Failed password for root from XX.XX.XX.XX port 46418 ssh2
Jun 18 13:37:24 server1 sshd[24113]: Failed password for root from XX.XX.XX.XX port 45782 ssh2
Jun 18 13:37:17 server1 sshd[24111]: Failed password for root from XX.XX.XX.XX port 45606 ssh2

 --END OF NOTIFICATION
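The notification above is the product of a frequency rule: OSSEC matched each sshd "Failed password" line on its own at a low level, then raised rule 5720 at level 10 once enough of them arrived from the same source inside a short time window. The script below is an added example, not OSSEC code and not from ossec.de: it parses the notification format shown on this page (header timestamp, Received From, Rule line, log portion, end marker) and re-runs a same-source sliding-window count over the log portion. The sample notification is constructed from the one above with the masked addresses replaced by a documentation address; the 6-failures-in-120-seconds threshold is an assumption taken from the stock sshd_rules.xml and should be adjusted to match the ruleset actually deployed.

```python
"""Parse OSSEC HIDS notification e-mails and re-run the kind of same-source
frequency correlation behind rule 5720 over the log portion they carry.

Added example; not OSSEC's own code.  Threshold assumption: 6 failures
within 120 seconds from one source (stock sshd_rules.xml values); change
FREQUENCY/TIMEFRAME if your ruleset differs.
"""
import re
from datetime import datetime

FREQUENCY = 6    # assumed, see module docstring
TIMEFRAME = 120  # seconds, assumed

# Constructed sample: the page's sshd notification with 192.0.2.10 (RFC 5737
# documentation range) standing in for the masked attacker address.
SAMPLE_NOTIFICATION = """OSSEC HIDS Notification.
2008 Jun 18 13:37:47

Received From: serverXXX->/var/log/auth.log
Rule: 5720 fired (level 10) -> "Multiple SSHD authentication failures."
Portion of the log(s):

Jun 18 13:37:46 server1 sshd[24131]: Failed password for root from 192.0.2.10 port 48315 ssh2
Jun 18 13:37:43 server1 sshd[24129]: Failed password for root from 192.0.2.10 port 48003 ssh2
Jun 18 13:37:41 server1 sshd[24125]: Failed password for root from 192.0.2.10 port 47235 ssh2
Jun 18 13:37:33 server1 sshd[24121]: Failed password for root from 192.0.2.10 port 46580 ssh2
Jun 18 13:37:26 server1 sshd[24119]: Failed password for root from 192.0.2.10 port 46418 ssh2
Jun 18 13:37:24 server1 sshd[24113]: Failed password for root from 192.0.2.10 port 45782 ssh2
Jun 18 13:37:17 server1 sshd[24111]: Failed password for root from 192.0.2.10 port 45606 ssh2

 --END OF NOTIFICATION
"""

RULE_RE = re.compile(r'^Rule: (\d+) fired \(level (\d+)\) -> "(.*)"$')
RECV_RE = re.compile(r'^Received From: (.+?)->(.+)$')
SSHD_FAIL_RE = re.compile(
    r'^(?P<ts>\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: '
    r'Failed password for (?:invalid user )?(?P<user>\S+) from (?P<src>\S+) port \d+ ssh2$')


def parse_notification(text):
    """Split one OSSEC mail into header fields plus its raw log lines."""
    lines = text.splitlines()
    if not lines or not lines[0].startswith("OSSEC HIDS Notification"):
        raise ValueError("not an OSSEC notification")
    alert = {"time": lines[1].strip(), "logs": []}
    in_logs = False
    for line in lines[2:]:
        if in_logs:
            # OSSEC terminates the mail with " --END OF NOTIFICATION" (leading space varies).
            if line.strip() == "--END OF NOTIFICATION":
                break
            if line.strip():
                alert["logs"].append(line)
            continue
        m = RECV_RE.match(line)
        if m:
            alert["agent"], alert["location"] = m.group(1), m.group(2)
            continue
        m = RULE_RE.match(line)
        if m:
            alert["rule_id"] = int(m.group(1))
            alert["level"] = int(m.group(2))
            alert["description"] = m.group(3)
            continue
        if line.startswith("Portion of the log(s):"):
            in_logs = True
    return alert


def syslog_time(ts, year):
    """Syslog timestamps carry no year; take it from the notification header."""
    return datetime.strptime(f"{year} {ts}", "%Y %b %d %H:%M:%S")


def sshd_failures_by_source(log_lines, year):
    """Group sshd 'Failed password' events by source IP, in chronological order."""
    by_src = {}
    for line in log_lines:
        m = SSHD_FAIL_RE.match(line)
        if m:
            by_src.setdefault(m.group("src"), []).append(syslog_time(m.group("ts"), year))
    for times in by_src.values():
        times.sort()  # OSSEC prints the newest line first; the window check wants oldest first
    return by_src


def frequency_hits(times, frequency=FREQUENCY, timeframe=TIMEFRAME):
    """True if `frequency` events fall within any `timeframe`-second sliding window."""
    times = sorted(times)
    for i in range(len(times) - frequency + 1):
        if (times[i + frequency - 1] - times[i]).total_seconds() <= timeframe:
            return True
    return False


def analyse(text, frequency=FREQUENCY, timeframe=TIMEFRAME):
    """Parse a notification and list the sources that trip the frequency check."""
    alert = parse_notification(text)
    year = int(alert["time"].split()[0])
    by_src = sshd_failures_by_source(alert["logs"], year)
    alert["offenders"] = sorted(src for src, t in by_src.items()
                                if frequency_hits(t, frequency, timeframe))
    return alert


if __name__ == "__main__":
    a = analyse(SAMPLE_NOTIFICATION)
    print(f"rule {a['rule_id']} level {a['level']} from {a['agent']}:{a['location']}")
    print("offending sources:", a["offenders"])
```

The check matters when the alert arrives without its context: seven lines over 29 seconds from one address is a brute-force attempt worth an active response (OSSEC's firewall-drop response keys on exactly this rule family), whereas the same seven failures spread over a day from different addresses would not trip the window and should not be treated the same way.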



OSSEC HIDS Notification.
2008 Jun 18 11:53:58

Received From: serverXXX->/var/log/syslog
Rule: 11 fired (level 8) -> "Excessive number of events (above normal)."
Portion of the log(s):

The average number of logs between 11:00 and 12:00 is 5235. We reached 6807.



--END OF NOTIFICATION