[prev in list] [next in list] [prev in thread] [next in thread] 

List:       ossec-list
Subject:    [ossec-list] FW : OSSEC Notification - (AbnBtAuth2) 192.168.241.82 -
From:       "Fred" <sfred92 () free ! fr>
Date:       2006-12-21 14:16:40
Message-ID: 000501c7250a$a8dcc5d0$2186940a () FULCRUM
[Download RAW message or body]


Hello everybody,

Below is an alert email received by OSSEC Server.

However, I don't anything strange.

Would it be the "BAD" word at the end of session id which would have set off
an alert ?

Thanks very much.

Fred

PS: all "XXX" are deleted caracters...:-)

-----Original Message-----
From: OSSEC HIDS 
Sent: Thursday, December 21, 2006 5:59 AM
To: 
Subject: OSSEC Notification - (XXXAuth2) 192.168.241.82 - Alert level 7


OSSEC HIDS Notification.
2006 Dec 21 04:58:20

Received From: (XXXAuth2)
192.168.241.82->/var/log/httpd/ssl_prod_request_XXX.2006-12-21
Rule: 1002 fired (level 7) -> "Unknown problem somewhere in the system."
Portion of the log(s):

[21/Dec/2006:04:57:32 +0100] XXX.XXX.XXX.XXX TLSv1 RC4-MD5 - - "GET
/wbktitre/WebTitre.do;jsessionid=CA6BBF014BB5F923A376BE5569B22BAD HTTP/1.1"
- 302



 --END OF NOTIFICATION





[prev in list] [next in list] [prev in thread] [next in thread]