OSSEC

Feb 7th, 2016
  1. Example 1:
  2.  
  3. OSSEC HIDS Notification.
  4. 2016 Feb 07 12:30:07
  5.  
  6. Received From: mail->/var/log/apache2/error.log
  7. Rule: 1003 fired (level 13) -> "Non standard syslog message (size too large)."
  8. Portion of the log(s):
  9.  
  10. [Sun Feb 07 12:30:06.204552 2016] [core:error] [pid 19109] (36)File name too long: [client 51.255.65.45:40023] AH00036: access to /http%253A%252F%252Fsoz-net.neue-mitte-mv.de%252Fprofile%252Fstop_big_brother%3Fzrl%3Dhttp%253A%252F%252Fsoz-net.neue-mitte-mv.de%252Fprofile%252Fstop_big_brother%3Fzrl%3Dhttp%253A%252F%252Fsoz-net.neue-mitte-mv.de%252Fprofile%252Fstop_big_brother%3Fzrl%3Dhttp%253A%252F%252Fsoz-net.neue-mitte-mv.de%252Fprofile%252Fstop_big_brother%3Fzrl%3Dhttp%253A%252F%252Fsoz-net.neue-mitte-mv.de%252Fprofile%252Fstop_big_brother%3Fzrl%3Dhttp%253A%252F%252Fsoz-net.neue-mitte-mv.de%252Fprofile%252Fstop_big_brother%3Fzrl%3Dhttp%253A%252F%252Fsoz-net.neue-mitte-mv.de%252Fprofile%252Fstop_big_brother%3Fzrl%3Dhttp%253A%252F%252Fsoz-net.neue-mitte-mv.de%252Fprofile%252Fstop_big_brother failed (filesystem path '/var/www/html/friendica.anonsys.net/http%253A%252F%252Fsoz-net.neue-mitte-mv.de%252Fprofile%252Fstop_big_brother%3Fzrl%3Dhttp%253A%252F%252Fsoz-net.neue-mitte-mv.de%252Fp
  11. rofile%252Fstop_big_brother%3Fzrl%3Dhttp%253A%252F%252Fsoz-net.neue-mitte-mv.de%252Fprofile%252Fstop_big_brother%3Fzrl%3Dhttp%253A%252F%252Fsoz-net.neue-mitte-mv.de%252Fprofile%252Fstop_big_brother%3Fzrl%3Dhttp%253A%252F%252Fsoz-net.neue-mitte-mv.de%252Fprof
  12.  
  13.  
  14.  
  15. --END OF NOTIFICATION
  16.  
  17. Example 2:
  18.  
  19. OSSEC HIDS Notification.
  20. 2016 Feb 07 12:40:50
  21.  
  22. Received From: mail->/var/log/apache2/error.log
  23. Rule: 1003 fired (level 13) -> "Non standard syslog message (size too large)."
  24. Portion of the log(s):
  25.  
  26. [Sun Feb 07 12:40:48.825860 2016] [core:error] [pid 20907] (36)File name too long: [client 51.255.65.12:25785] AH00036: access to /https%2525252525253A%2525252525252F%2525252525252Ffriendica.ambientedigital.org%2525252525252Fprofile%2525252525252Fx%2525252525253Fzrl%2525252525253Dhttps%2525252525253A%2525252525252F%2525252525252Ffriendica.ambientedigital.org%2525252525252Fprofile%2525252525252Fx%2525252525253Fzrl%2525252525253Dhttps%2525252525253A%2525252525252F%2525252525252Ffriendica.ambientedigital.org%2525252525252Fprofile%2525252525252Fx%2525252525253Fzrl%2525252525253Dhttps%2525252525253A%2525252525252F%2525252525252Ffriendica.ambientedigital.org%2525252525252Fprofile%2525252525252Fx failed (filesystem path '/var/www/html/friendica.anonsys.net/https%2525252525253A%2525252525252F%2525252525252Ffriendica.ambientedigital.org%2525252525252Fprofile%2525252525252Fx%2525252525253Fzrl%2525252525253Dhttps%2525252525253A%2525252525252F%2525252525252Ffriendica.ambientedigital.org%25252525
  27. 25252Fprofile%2525252525252Fx%2525252525253Fzrl%2525252525253Dhttps%2525252525253A%2525252525252F%2525252525252Ffriendica.ambientedigital.org%2525252525252Fprofile%2525252525252Fx%2525252525253Fzrl%2525252525253Dhttps%2525252525253A%2525252525252F%2525252525
  28.  
  29.  
  30.  
  31. --END OF NOTIFICATION
  32.  
  33. Example 3:
  34.  
  35. OSSEC HIDS Notification.
  36. 2016 Feb 07 13:28:56
  37.  
  38. Received From: mail->/var/log/apache2/error.log
  39. Rule: 1003 fired (level 13) -> "Non standard syslog message (size too large)."
  40. Portion of the log(s):
  41.  
  42. [Sun Feb 07 13:28:56.398599 2016] [core:error] [pid 27446] (36)File name too long: [client 51.255.65.46:44397] AH00036: access to /http%25252525252525253A%25252525252525252F%25252525252525252Fsoz-net.neue-mitte-mv.de%25252525252525252Fprofile%25252525252525252Fneue-mitte_mv%25253Fzrl%25253Dhttp%25252525252525253A%25252525252525252F%25252525252525252Fsoz-net.neue-mitte-mv.de%25252525252525252Fprofile%25252525252525252Fneue-mitte_mv%25253Fzrl%25253Dhttp%25252525252525253A%25252525252525252F%25252525252525252Fsoz-net.neue-mitte-mv.de%25252525252525252Fprofile%25252525252525252Fneue-mitte_mv%25253Fzrl%25253Dhttp%25252525252525253A%25252525252525252F%25252525252525252Fsoz-net.neue-mitte-mv.de%25252525252525252Fprofile%25252525252525252Fneue-mitte_mv failed (filesystem path '/var/www/html/friendica.anonsys.net/http%25252525252525253A%25252525252525252F%25252525252525252Fsoz-net.neue-mitte-mv.de%25252525252525252Fprofile%25252525252525252Fneue-mitte_mv%25253Fzrl%25253Dhttp%25252525252525253
  43. A%25252525252525252F%25252525252525252Fsoz-net.neue-mitte-mv.de%25252525252525252Fprofile%25252525252525252Fneue-mitte_mv%25253Fzrl%25253Dhttp%25252525252525253A%25252525252525252F%25252525252525252Fsoz-net.neue-mitte-mv.de%25252525252525252Fprofile%25252525
  44.  
  45.  
  46.  
  47. --END OF NOTIFICATION