1. Jeremy Rossi
  2. ossec-hids

Commits

dcid  committed eabd68b Draft

Rule when PHP is having disk space issues and fix for PIX rule (by kristianpaul)

  • Participants
  • Parent commits 034fed8
  • Branches default

Comments (0)

Files changed (2)

File etc/decoder.xml

View file
  • Ignore whitespace
   <parent>pix</parent>
   <type>firewall</type>
   <prematch offset="after_parent">^6-106015</prematch>
-  <regex offset="after_parent">^(\S+): (\w+) (\w+) \S+ \S+ (\S+) from </regex>
+  <regex offset="after_parent">^(\S+): (\w+) (\w+) \S+ \S+ from </regex>
   <regex>(\S+)/(\S+) to (\S+)/(\S+)</regex>
   <order>id, action, protocol, srcip, srcport, dstip, dstport</order>
 </decoder>

File etc/rules/php_rules.xml

View file
  • Ignore whitespace
     <options>alert_by_email</options>
   </rule>
 
+  <rule id="31413" level="5" ignore="1200">
+    <if_sid>31410</if_sid>
+    <match>bytes written, possibly out of free disk space in</match>
+    <description>PHP internal error (server out of space).</description>
+    <options>alert_by_email</options>
+    <group>low_diskspace,</group>
+  </rule>
 
 
   <!-- PHP Fatal errors