OSSEC Alert - iris - Level 2 - Unknown problem somewhere in the system.
OSSEC HIDS
auton.sysnotify at gmail.com
Tue Oct 8 00:00:41 EDT 2019
OSSEC HIDS Notification.
2019 Oct 07 21:45:23
Received From: iris->/var/log/authlog
Rule: 1002 fired (level 2) -> "Unknown problem somewhere in the system."
Portion of the log(s):
Oct 7 23:45:23 iris sshguard[84562]: Attack from "58.214.0.70" on service 100 with danger 10.
--END OF NOTIFICATION
OSSEC HIDS Notification.
2019 Oct 07 21:45:25
Received From: iris->/var/log/authlog
Rule: 1002 fired (level 2) -> "Unknown problem somewhere in the system."
Portion of the log(s):
Oct 7 23:45:24 iris sshguard[84562]: Attack from "58.214.0.70" on service 100 with danger 10.
--END OF NOTIFICATION
OSSEC HIDS Notification.
2019 Oct 07 21:45:25
Received From: iris->/var/log/authlog
Rule: 1002 fired (level 2) -> "Unknown problem somewhere in the system."
Portion of the log(s):
Oct 7 23:45:24 iris sshguard[84562]: Attack from "52.50.232.130" on service 100 with danger 10.
--END OF NOTIFICATION
OSSEC HIDS Notification.
2019 Oct 07 21:45:25
Received From: iris->/var/log/authlog
Rule: 1002 fired (level 2) -> "Unknown problem somewhere in the system."
Portion of the log(s):
Oct 7 23:45:24 iris sshguard[84562]: Blocking "52.50.232.130/32" for 7680 secs (3 attacks in 426 secs, after 7 abuses over 10782 secs.)
--END OF NOTIFICATION
OSSEC HIDS Notification.
2019 Oct 07 21:45:25
Received From: iris->/var/log/authlog
Rule: 1002 fired (level 2) -> "Unknown problem somewhere in the system."
Portion of the log(s):
Oct 7 23:45:24 iris sshd[23730]: fatal: userauth_finish: Permission denied [preauth]
--END OF NOTIFICATION
OSSEC HIDS Notification.
2019 Oct 07 21:47:30
Received From: iris->/var/log/messages
Rule: 1002 fired (level 2) -> "Unknown problem somewhere in the system."
Portion of the log(s):
Oct 7 23:47:28 iris ddclient[15573]: FAILED: updating autonsys.com: NOACCESS: Authentication failed. This happens if the username/password OR host or domain are wrong.
--END OF NOTIFICATION
OSSEC HIDS Notification.
2019 Oct 07 21:47:58
Received From: iris->/var/log/authlog
Rule: 1002 fired (level 2) -> "Unknown problem somewhere in the system."
Portion of the log(s):
Oct 7 23:47:57 iris sshguard[84562]: Attack from "123.206.22.145" on service 100 with danger 10.
--END OF NOTIFICATION
OSSEC HIDS Notification.
2019 Oct 07 21:47:58
Received From: iris->/var/log/authlog
Rule: 1002 fired (level 2) -> "Unknown problem somewhere in the system."
Portion of the log(s):
Oct 7 23:47:58 iris sshguard[84562]: Attack from "123.206.22.145" on service 100 with danger 10.
--END OF NOTIFICATION
OSSEC HIDS Notification.
2019 Oct 07 21:47:58
Received From: iris->/var/log/authlog
Rule: 1002 fired (level 2) -> "Unknown problem somewhere in the system."
Portion of the log(s):
Oct 7 23:47:58 iris sshguard[84562]: Blocking "123.206.22.145/32" for 3840 secs (3 attacks in 1 secs, after 6 abuses over 6025 secs.)
--END OF NOTIFICATION
OSSEC HIDS Notification.
2019 Oct 07 21:49:37
Received From: iris->/var/log/authlog
Rule: 1002 fired (level 2) -> "Unknown problem somewhere in the system."
Portion of the log(s):
Oct 7 23:49:36 iris sshguard[84562]: Attack from "58.214.0.70" on service 100 with danger 10.
--END OF NOTIFICATION
OSSEC HIDS Notification.
2019 Oct 07 21:49:37
Received From: iris->/var/log/authlog
Rule: 1002 fired (level 2) -> "Unknown problem somewhere in the system."
Portion of the log(s):
Oct 7 23:49:36 iris sshguard[84562]: Blocking "58.214.0.70/32" for 3840 secs (3 attacks in 253 secs, after 6 abuses over 6816 secs.)
--END OF NOTIFICATION
OSSEC HIDS Notification.
2019 Oct 07 21:49:37
Received From: iris->/var/log/authlog
Rule: 1002 fired (level 2) -> "Unknown problem somewhere in the system."
Portion of the log(s):
Oct 7 23:49:36 iris sshd[32234]: fatal: userauth_finish: Permission denied [preauth]
--END OF NOTIFICATION
OSSEC HIDS Notification.
2019 Oct 07 21:53:44
Received From: hera.int.autonsys.com->/var/log/maillog
Rule: 1002 fired (level 2) -> "Unknown problem somewhere in the system."
Portion of the log(s):
Oct 7 23:53:43 hera.int.autonsys.com dma[15311.8018280a0]: connect to smtp.gmail.com [2607:f8b0:400d:c07::6d] failed: No route to host
--END OF NOTIFICATION
OSSEC HIDS Notification.
2019 Oct 07 21:54:58
Received From: hera.int.autonsys.com->/var/log/maillog
Rule: 1002 fired (level 2) -> "Unknown problem somewhere in the system."
Portion of the log(s):
Oct 7 23:54:57 hera.int.autonsys.com dma[15313.8018280f0]: connect to smtp.gmail.com [2607:f8b0:400d:c07::6d] failed: No route to host
--END OF NOTIFICATION
OSSEC HIDS Notification.
2019 Oct 07 21:55:02
Received From: iris->/var/log/authlog
Rule: 1002 fired (level 2) -> "Unknown problem somewhere in the system."
Portion of the log(s):
Oct 7 23:55:01 iris sshguard[84562]: Attack from "140.143.222.95" on service 100 with danger 10.
--END OF NOTIFICATION
OSSEC HIDS Notification.
2019 Oct 07 21:57:29
Received From: iris->/var/log/messages
Rule: 1002 fired (level 2) -> "Unknown problem somewhere in the system."
Portion of the log(s):
Oct 7 23:57:29 iris ddclient[15573]: FAILED: updating autonsys.com: NOACCESS: Authentication failed. This happens if the username/password OR host or domain are wrong.
--END OF NOTIFICATION