API tools faq
paste
Advertisement
Guest User

OSSEC

a guest
Feb 7th, 2016
178
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 4.43 KB | None | 0 0
raw download clone embed print report
  1. Beispiel1:
  2.  
  3. OSSEC HIDS Notification.
  4. 2016 Feb 07 12:30:07
  5.  
  6. Received From: mail->/var/log/apache2/error.log
  7. Rule: 1003 fired (level 13) -> "Non standard syslog message (size too large)."
  8. Portion of the log(s):
  9.  
  10. [Sun Feb 07 12:30:06.204552 2016] [core:error] [pid 19109] (36)File name too long: [client 51.255.65.45:40023] AH00036: access to /http%253A%252F%252Fsoz-net.neue-mitte-mv.de%252Fprofile%252Fstop_big_brother%3Fzrl%3Dhttp%253A%252F%252Fsoz-net.neue-mitte-mv.de%252Fprofile%252Fstop_big_brother%3Fzrl%3Dhttp%253A%252F%252Fsoz-net.neue-mitte-mv.de%252Fprofile%252Fstop_big_brother%3Fzrl%3Dhttp%253A%252F%252Fsoz-net.neue-mitte-mv.de%252Fprofile%252Fstop_big_brother%3Fzrl%3Dhttp%253A%252F%252Fsoz-net.neue-mitte-mv.de%252Fprofile%252Fstop_big_brother%3Fzrl%3Dhttp%253A%252F%252Fsoz-net.neue-mitte-mv.de%252Fprofile%252Fstop_big_brother%3Fzrl%3Dhttp%253A%252F%252Fsoz-net.neue-mitte-mv.de%252Fprofile%252Fstop_big_brother%3Fzrl%3Dhttp%253A%252F%252Fsoz-net.neue-mitte-mv.de%252Fprofile%252Fstop_big_brother failed (filesystem path '/var/www/html/friendica.anonsys.net/http%253A%252F%252Fsoz-net.neue-mitte-mv.de%252Fprofile%252Fstop_big_brother%3Fzrl%3Dhttp%253A%252F%252Fsoz-net.neue-mitte-mv.de%252Fp
  11. rofile%252Fstop_big_brother%3Fzrl%3Dhttp%253A%252F%252Fsoz-net.neue-mitte-mv.de%252Fprofile%252Fstop_big_brother%3Fzrl%3Dhttp%253A%252F%252Fsoz-net.neue-mitte-mv.de%252Fprofile%252Fstop_big_brother%3Fzrl%3Dhttp%253A%252F%252Fsoz-net.neue-mitte-mv.de%252Fprof
  12.  
  13.  
  14.  
  15. --END OF NOTIFICATION
  16.  
  17. Beispiel 2:
  18.  
  19. OSSEC HIDS Notification.
  20. 2016 Feb 07 12:40:50
  21.  
  22. Received From: mail->/var/log/apache2/error.log
  23. Rule: 1003 fired (level 13) -> "Non standard syslog message (size too large)."
  24. Portion of the log(s):
  25.  
  26. [Sun Feb 07 12:40:48.825860 2016] [core:error] [pid 20907] (36)File name too long: [client 51.255.65.12:25785] AH00036: access to /https%2525252525253A%2525252525252F%2525252525252Ffriendica.ambientedigital.org%2525252525252Fprofile%2525252525252Fx%2525252525253Fzrl%2525252525253Dhttps%2525252525253A%2525252525252F%2525252525252Ffriendica.ambientedigital.org%2525252525252Fprofile%2525252525252Fx%2525252525253Fzrl%2525252525253Dhttps%2525252525253A%2525252525252F%2525252525252Ffriendica.ambientedigital.org%2525252525252Fprofile%2525252525252Fx%2525252525253Fzrl%2525252525253Dhttps%2525252525253A%2525252525252F%2525252525252Ffriendica.ambientedigital.org%2525252525252Fprofile%2525252525252Fx failed (filesystem path '/var/www/html/friendica.anonsys.net/https%2525252525253A%2525252525252F%2525252525252Ffriendica.ambientedigital.org%2525252525252Fprofile%2525252525252Fx%2525252525253Fzrl%2525252525253Dhttps%2525252525253A%2525252525252F%2525252525252Ffriendica.ambientedigital.org%25252525
  27. 25252Fprofile%2525252525252Fx%2525252525253Fzrl%2525252525253Dhttps%2525252525253A%2525252525252F%2525252525252Ffriendica.ambientedigital.org%2525252525252Fprofile%2525252525252Fx%2525252525253Fzrl%2525252525253Dhttps%2525252525253A%2525252525252F%2525252525
  28.  
  29.  
  30.  
  31. --END OF NOTIFICATION
  32.  
  33. Beispiel 3:
  34.  
  35. OSSEC HIDS Notification.
  36. 2016 Feb 07 13:28:56
  37.  
  38. Received From: mail->/var/log/apache2/error.log
  39. Rule: 1003 fired (level 13) -> "Non standard syslog message (size too large)."
  40. Portion of the log(s):
  41.  
  42. [Sun Feb 07 13:28:56.398599 2016] [core:error] [pid 27446] (36)File name too long: [client 51.255.65.46:44397] AH00036: access to /http%25252525252525253A%25252525252525252F%25252525252525252Fsoz-net.neue-mitte-mv.de%25252525252525252Fprofile%25252525252525252Fneue-mitte_mv%25253Fzrl%25253Dhttp%25252525252525253A%25252525252525252F%25252525252525252Fsoz-net.neue-mitte-mv.de%25252525252525252Fprofile%25252525252525252Fneue-mitte_mv%25253Fzrl%25253Dhttp%25252525252525253A%25252525252525252F%25252525252525252Fsoz-net.neue-mitte-mv.de%25252525252525252Fprofile%25252525252525252Fneue-mitte_mv%25253Fzrl%25253Dhttp%25252525252525253A%25252525252525252F%25252525252525252Fsoz-net.neue-mitte-mv.de%25252525252525252Fprofile%25252525252525252Fneue-mitte_mv failed (filesystem path '/var/www/html/friendica.anonsys.net/http%25252525252525253A%25252525252525252F%25252525252525252Fsoz-net.neue-mitte-mv.de%25252525252525252Fprofile%25252525252525252Fneue-mitte_mv%25253Fzrl%25253Dhttp%25252525252525253
  43. A%25252525252525252F%25252525252525252Fsoz-net.neue-mitte-mv.de%25252525252525252Fprofile%25252525252525252Fneue-mitte_mv%25253Fzrl%25253Dhttp%25252525252525253A%25252525252525252F%25252525252525252Fsoz-net.neue-mitte-mv.de%25252525252525252Fprofile%25252525
  44.  
  45.  
  46.  
  47. --END OF NOTIFICATION
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!