Possible bug with WUI and beta / SRCIP

Issue #14 closed
Anonymous created an issue

Not sure if reporting this is valid, since it is in WUI and not necessarily the beta. Logs show:

** Alert 1307551098.44296: mail - syslog,errors,
2011 Jun 08 11:38:18 ossec301p->/var/log/messages
Rule: 1002 (level 2) -> 'Unknown problem somewhere in the system.'
Jun 8 11:38:18 ossec301p kernel: type=1400 audit(1307551097.991:53): avc: denied { getattr } for pid=7824 comm="httpd" path="/var/ossec/queue/syscheck/syscheck" dev=cciss/c0d0p2 ino=18776546 scontext=user_u:system_r:httpd_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=file

which is a standard SELinux error (permissive) but WUI displays as:

2011 Jun 08 11:38:18 Rule Id: 1002 level: 2 Location: ossec301p->/var/log/messages Src IP: 1:38:18 ossec301p kernel: type=1400 audit(1307551097.991:53): avc: denied { getattr } for pid=7824 comm="httpd" path="/var/ossec/queue/syscheck/syscheck" dev=cciss/c0d0p2 ino=18776546 scontext=user_u:system_r:httpd_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=file Unknown problem somewhere in the system.

** Alert 1307551098.44743: mail - syslog,errors,
2011 Jun 08 11:38:18 ossec301p->/var/log/messages
Rule: 1002 (level 2) -> 'Unknown problem somewhere in the system.'
Jun 8 11:38:18 ossec301p kernel: type=1400 audit(1307551098.035:54): avc: denied { read } for pid=7824 comm="httpd" name="syscheck" dev=cciss/c0d0p2 ino=18776546 scontext=user_u:system_r:httpd_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=file

and is showing strange SRCIP as part of the time.

Did the log/alert message format change in 2.6?

Comments (2)