[prev in list] [next in list] [prev in thread] [next in thread] 

List:       ossec-dev
Subject:    Re: [ossec-dev] omissions and repetitions
From:       "dan (ddp)" <ddpbsd () gmail ! com>
Date:       2011-05-31 15:00:27
Message-ID: BANLkTimbL1Nd1-R-5Y7+RnpRxF8fu-6ikw () mail ! gmail ! com
[Download RAW message or body]

I've never noticed anything like this happening. Is there anything in
your environment that might produce this (syslog collection systems
with an ossec agent, multiple servers, etc)?
This is also the wrong list for this problem.

On Tue, May 31, 2011 at 8:39 AM, Ulis Ilya <ulis.ilya@gmail.com> wrote:
> Hello everyone,
> There is a problem -
>
> Some log records which match a rule treated correctly (e.g. exactly
> one appropriate alert produced)
> when another are multiplied (e.g. give two or more identical alert) or
> disappear (e.g. doesn't produce alert at all).
>
> I didn't succeed to trace which types of logs or enviroment conditions
> leads to ossec malfunction.
>
> Maybe someone knows how to solve this problem? If necessary, I can
> provide relevant decoders, rules and log records.
>
> Thanks in advance
>
> Ilya.
[prev in list] [next in list] [prev in thread] [next in thread]