[prev in list] [next in list] [prev in thread] [next in thread]
List: ossec-list
Subject: [ossec-list] FW : OSSEC Notification - (AbnBtAuth2) 192.168.241.82 -
From: "Fred" <sfred92 () free ! fr>
Date: 2006-12-21 14:16:40
Message-ID: 000501c7250a$a8dcc5d0$2186940a () FULCRUM
[Download RAW message or body]
Hello everybody,
Below is an alert email received by OSSEC Server.
However, I don't anything strange.
Would it be the "BAD" word at the end of session id which would have set off
an alert ?
Thanks very much.
Fred
PS: all "XXX" are deleted caracters...:-)
-----Original Message-----
From: OSSEC HIDS
Sent: Thursday, December 21, 2006 5:59 AM
To:
Subject: OSSEC Notification - (XXXAuth2) 192.168.241.82 - Alert level 7
OSSEC HIDS Notification.
2006 Dec 21 04:58:20
Received From: (XXXAuth2)
192.168.241.82->/var/log/httpd/ssl_prod_request_XXX.2006-12-21
Rule: 1002 fired (level 7) -> "Unknown problem somewhere in the system."
Portion of the log(s):
[21/Dec/2006:04:57:32 +0100] XXX.XXX.XXX.XXX TLSv1 RC4-MD5 - - "GET
/wbktitre/WebTitre.do;jsessionid=CA6BBF014BB5F923A376BE5569B22BAD HTTP/1.1"
- 302
--END OF NOTIFICATION
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic