OSSEC Alert - iris - Level 2 - Unknown problem somewhere in the system.
OSSEC HIDS
auton.sysnotify at gmail.com
Tue Oct 8 11:00:20 EDT 2019
OSSEC HIDS Notification.
2019 Oct 08 08:38:32
Received From: iris->/var/log/authlog
Rule: 1002 fired (level 2) -> "Unknown problem somewhere in the system."
Portion of the log(s):
Oct 8 10:38:32 iris sshguard[84562]: Attack from "151.80.140.166" on service 100 with danger 10.
--END OF NOTIFICATION
OSSEC HIDS Notification.
2019 Oct 08 08:38:32
Received From: iris->/var/log/authlog
Rule: 1002 fired (level 2) -> "Unknown problem somewhere in the system."
Portion of the log(s):
Oct 8 10:38:32 iris sshguard[84562]: Blocking "151.80.140.166/32" for 3840 secs (3 attacks in 230 secs, after 6 abuses over 6582 secs.)
--END OF NOTIFICATION
OSSEC HIDS Notification.
2019 Oct 08 08:38:32
Received From: iris->/var/log/authlog
Rule: 1002 fired (level 2) -> "Unknown problem somewhere in the system."
Portion of the log(s):
Oct 8 10:38:32 iris sshd[96703]: fatal: userauth_finish: Permission denied [preauth]
--END OF NOTIFICATION
OSSEC HIDS Notification.
2019 Oct 08 08:40:33
Received From: iris->/var/log/authlog
Rule: 1002 fired (level 2) -> "Unknown problem somewhere in the system."
Portion of the log(s):
Oct 8 10:40:32 iris sshguard[84562]: Attack from "51.75.70.30" on service 100 with danger 10.
--END OF NOTIFICATION
OSSEC HIDS Notification.
2019 Oct 08 08:40:33
Received From: iris->/var/log/authlog
Rule: 1002 fired (level 2) -> "Unknown problem somewhere in the system."
Portion of the log(s):
Oct 8 10:40:33 iris sshguard[84562]: Attack from "51.75.70.30" on service 100 with danger 10.
--END OF NOTIFICATION
OSSEC HIDS Notification.
2019 Oct 08 08:43:54
Received From: iris->/var/log/authlog
Rule: 1002 fired (level 2) -> "Unknown problem somewhere in the system."
Portion of the log(s):
Oct 8 10:43:54 iris sshguard[84562]: Attack from "96.78.175.36" on service 100 with danger 10.
--END OF NOTIFICATION
OSSEC HIDS Notification.
2019 Oct 08 08:45:36
Received From: iris->/var/log/authlog
Rule: 1002 fired (level 2) -> "Unknown problem somewhere in the system."
Portion of the log(s):
Oct 8 10:45:36 iris sshguard[84562]: Attack from "51.75.70.30" on service 100 with danger 10.
--END OF NOTIFICATION
OSSEC HIDS Notification.
2019 Oct 08 08:45:36
Received From: iris->/var/log/authlog
Rule: 1002 fired (level 2) -> "Unknown problem somewhere in the system."
Portion of the log(s):
Oct 8 10:45:36 iris sshguard[84562]: Blocking "51.75.70.30/32" for 240 secs (3 attacks in 304 secs, after 2 abuses over 1059 secs.)
--END OF NOTIFICATION
OSSEC HIDS Notification.
2019 Oct 08 08:45:36
Received From: iris->/var/log/authlog
Rule: 1002 fired (level 2) -> "Unknown problem somewhere in the system."
Portion of the log(s):
Oct 8 10:45:36 iris sshd[89418]: fatal: userauth_finish: Permission denied [preauth]
--END OF NOTIFICATION
OSSEC HIDS Notification.
2019 Oct 08 08:47:17
Received From: iris->/var/log/messages
Rule: 1002 fired (level 2) -> "Unknown problem somewhere in the system."
Portion of the log(s):
Oct 8 10:47:15 iris dhclient[58870]: em0: sendmsg(DHCPREQUEST): Permission denied
--END OF NOTIFICATION
OSSEC HIDS Notification.
2019 Oct 08 08:48:07
Received From: iris->/var/log/messages
Rule: 1002 fired (level 2) -> "Unknown problem somewhere in the system."
Portion of the log(s):
Oct 8 10:48:07 iris ddclient[15573]: FAILED: updating autonsys.com: NOACCESS: Authentication failed. This happens if the username/password OR host or domain are wrong.
--END OF NOTIFICATION
OSSEC HIDS Notification.
2019 Oct 08 08:49:58
Received From: iris->/var/log/authlog
Rule: 1002 fired (level 2) -> "Unknown problem somewhere in the system."
Portion of the log(s):
Oct 8 10:49:57 iris sshguard[84562]: Attack from "182.16.103.136" on service 100 with danger 10.
--END OF NOTIFICATION
OSSEC HIDS Notification.
2019 Oct 08 08:50:32
Received From: iris->/var/log/authlog
Rule: 1002 fired (level 2) -> "Unknown problem somewhere in the system."
Portion of the log(s):
Oct 8 10:50:31 iris sshguard[84562]: Attack from "51.75.70.30" on service 100 with danger 10.
--END OF NOTIFICATION
OSSEC HIDS Notification.
2019 Oct 08 08:50:32
Received From: iris->/var/log/authlog
Rule: 1002 fired (level 2) -> "Unknown problem somewhere in the system."
Portion of the log(s):
Oct 8 10:50:32 iris sshguard[84562]: Attack from "51.75.70.30" on service 100 with danger 10.
--END OF NOTIFICATION
OSSEC HIDS Notification.
2019 Oct 08 08:52:24
Received From: iris->/var/log/authlog
Rule: 1002 fired (level 2) -> "Unknown problem somewhere in the system."
Portion of the log(s):
Oct 8 10:52:23 iris sshguard[84562]: Attack from "96.78.175.36" on service 100 with danger 10.
--END OF NOTIFICATION
OSSEC HIDS Notification.
2019 Oct 08 08:52:24
Received From: iris->/var/log/authlog
Rule: 1002 fired (level 2) -> "Unknown problem somewhere in the system."
Portion of the log(s):
Oct 8 10:52:23 iris sshguard[84562]: Blocking "96.78.175.36/32" for 120 secs (3 attacks in 509 secs, after 1 abuses over 509 secs.)
--END OF NOTIFICATION
OSSEC HIDS Notification.
2019 Oct 08 08:52:24
Received From: iris->/var/log/authlog
Rule: 1002 fired (level 2) -> "Unknown problem somewhere in the system."
Portion of the log(s):
Oct 8 10:52:23 iris sshd[45538]: fatal: userauth_finish: Permission denied [preauth]
--END OF NOTIFICATION
OSSEC HIDS Notification.
2019 Oct 08 08:55:27
Received From: iris->/var/log/authlog
Rule: 1002 fired (level 2) -> "Unknown problem somewhere in the system."
Portion of the log(s):
Oct 8 10:55:27 iris sshguard[84562]: Attack from "51.75.70.30" on service 100 with danger 10.
--END OF NOTIFICATION
OSSEC HIDS Notification.
2019 Oct 08 08:55:27
Received From: iris->/var/log/authlog
Rule: 1002 fired (level 2) -> "Unknown problem somewhere in the system."
Portion of the log(s):
Oct 8 10:55:27 iris sshguard[84562]: Blocking "51.75.70.30/32" for 480 secs (3 attacks in 296 secs, after 3 abuses over 1650 secs.)
--END OF NOTIFICATION
OSSEC HIDS Notification.
2019 Oct 08 08:55:27
Received From: iris->/var/log/authlog
Rule: 1002 fired (level 2) -> "Unknown problem somewhere in the system."
Portion of the log(s):
Oct 8 10:55:27 iris sshd[22034]: fatal: userauth_finish: Permission denied [preauth]
--END OF NOTIFICATION
OSSEC HIDS Notification.
2019 Oct 08 08:56:17
Received From: iris->/var/log/authlog
Rule: 1002 fired (level 2) -> "Unknown problem somewhere in the system."
Portion of the log(s):
Oct 8 10:56:17 iris sshguard[84562]: Attack from "96.78.175.36" on service 100 with danger 10.
--END OF NOTIFICATION
OSSEC HIDS Notification.
2019 Oct 08 08:58:08
Received From: iris->/var/log/messages
Rule: 1002 fired (level 2) -> "Unknown problem somewhere in the system."
Portion of the log(s):
Oct 8 10:58:08 iris ddclient[15573]: FAILED: updating autonsys.com: NOACCESS: Authentication failed. This happens if the username/password OR host or domain are wrong.
--END OF NOTIFICATION
OSSEC HIDS Notification.
2019 Oct 08 09:00:19
Received From: iris->/var/log/authlog
Rule: 1002 fired (level 2) -> "Unknown problem somewhere in the system."
Portion of the log(s):
Oct 8 11:00:18 iris sshguard[84562]: Attack from "96.78.175.36" on service 100 with danger 10.
--END OF NOTIFICATION