Hello,
Ever since installing ASL, I've been getting bombarded with email alerts. I've restarted the server, but they persist. There are three categories of alerts happening, and a more rare 4th type.
You can see the three folders in the attached file that shows several examples of each of the three alerts (2 of them from LFD and one from OSSEC), and the txt file on the root of the rar is the 4th type (psmon).
Would someone please help me sort this out?
Thanks in advance.
Help - Getting Flooded with Email Alerts
- Attachments
- Email Alerts.rar (18.59 KiB)
CentOS 6.9
ASL 4.0.19-37
- mikeshinn
- Atomicorp Staff - Site Admin
Re: Help - Getting Flooded with Email Alerts
The OSSEC alerts you can ignore:
https://www.atomicorp.com/wiki/index.ph ... st_mean.3F
We will be adding in an exclusion to suppress those on boxes that aren't running the ASL kernel; they should be suppressed on ASL kernel boxes.
As to the LFD alerts, the OSSEC alerts are wrong; all OSSEC processes are daemons and run forever. The "suspicious" process alerts, have you asked the LFD folks? They look like you need to configure LFD and/or restart those processes.
Michael Shinn
Atomicorp - Security For Everyone