LinuxQuestions.org


glennbtn 07-29-2010 08:08 AM

ossec Issue
 
Hi All

I have installed a centos machine running zimbra with apf firewall. I only have a few ports open to the outside such as 25, 443, 110 etc. I have installed ossec to keep an eye on this but every now and then I get a message which gets emailed to my phone about 12 times. I don't mind the odd 1 but I want to stop this.

I enclose the ossec email below and the ip address does change so not the same 1. I just need to know how I can sort the issue.

Thanks

OSSEC HIDS Notification.
2010 Jul 29 13:02:57

Received From: mail->/var/log/messages
Rule: 1002 fired (level 2) -> "Unknown problem somewhere in the system."
Portion of the log(s):

Jul 29 13:02:54 mail named[2374]: connection refused resolving '1004web.com/NS/IN': 114.108.131.211#53



--END OF NOTIFICATION

unSpawn 07-29-2010 08:37 AM

Edit your BIND config and silence some errors ("category lame-servers") and override OSSEC with a local_rules.xml ("if_sid 1002 and program_name named and read_data contains connection refused resolving then no_email_alert")?

glennbtn 07-29-2010 09:06 AM

That's great thanks

How do I need to add this to the local_rules.xml? I am still a novice at this and the other examples don't seem to be similar.

Thanks
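
An added example, not part of the original thread: one way to write the override unSpawn describes as an entry in local_rules.xml. The rule id 100010, the group name and the description text are assumptions chosen for illustration, and the paths in the note below assume the default /var/ossec install prefix; the match string is taken from the log line in the alert above.

```xml
<!-- Added to /var/ossec/rules/local_rules.xml (default install path, assumed). -->
<!-- Local rule ids belong in the 100000-109999 range; 100010 is an arbitrary
     choice here and must not clash with a rule you already have. -->
<group name="local,syslog,">

  <rule id="100010" level="2">
    <!-- Only consider events that already matched the generic rule 1002
         ("Unknown problem somewhere in the system."). -->
    <if_sid>1002</if_sid>

    <!-- Limit the override to messages logged by BIND (named[pid]). -->
    <program_name>^named</program_name>

    <!-- Limit it further to the specific message seen in the alert. -->
    <match>connection refused resolving</match>

    <!-- Keep the event in the alert log, but do not send mail for it. -->
    <options>no_email_alert</options>

    <description>named: connection refused while resolving (remote nameserver unreachable), email suppressed.</description>
  </rule>

</group>
```

Paste the log line from the alert into /var/ossec/bin/ossec-logtest to confirm that rule 100010 fires instead of 1002, then apply the change with /var/ossec/bin/ossec-control restart. Any other named message that still falls through to rule 1002 continues to generate mail, since the match is limited to this one string.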

