Help - Getting Flooded with Email Alerts

Posted: Thu Dec 02, 2010 5:02 pm
by gaia
Hello,

Ever since installing ASL I've been getting bombarded with email alerts. I've restarted the server but they persist. There are three categories of alerts happening, and a more rare 4th type.

You can see the three folders in the attached file that shows several examples of each of the three alerts (2 of them from LFD and one from OSSEC), and the txt file on the root of the rar is the 4th type (psmon).

Would someone please help me sort this out?

Thanks in advance.

Re: Help - Getting Flooded with Email Alerts

Posted: Thu Dec 02, 2010 6:24 pm
by mikeshinn
The OSSEC alerts you can ignore:

https://www.atomicorp.com/wiki/index.ph ... st_mean.3F

We will be adding in an exclusion to suppress those on boxes that aren't running the ASL kernel; they should be suppressed on ASL kernel boxes.

As to the LFD alerts, the OSSEC alerts are wrong; all OSSEC processes are daemons and run forever. The "suspicious" process alerts, have you asked the LFD folks? They look like you need to configure LFD and/or restart those processes.