ossec / ossec-hids

OSSEC is an Open Source Host-based Intrusion Detection System that performs log analysis, file integrity checking, policy monitoring, rootkit detection, real-time alerting and active response.
http://www.ossec.net

Rule 1002 Unknown problem somewhere in the system - WinEvtLog #1353

Open TriciaE66 opened 6 years ago

TriciaE66 commented 6 years ago

Hi, can anyone help / suggest any checks to help with this issue please, or has anyone experienced this issue before?

Received alerts below since Windows agent upgrade every 3 seconds:

2018 Jan 15 00:00:21 WinEvtLog: Application: INFORMATION(0): LogArchiverService: (no user): no domain: .dom1.e-ssi.net: Error occurred getting most recent errorlog item: ORA-12170: TNS:Connect timeout occurred

Followed by:

2018 Jan 15 00:00:21 WinEvtLog: Application: INFORMATION(0): LogArchiverService: (no user): no domain: .dom1.e-ssi.net: Error occurred in ArchiveEntries: ORA-12170: TNS:Connect timeout occurred at .Infrastructure.Services.LogArchiver.ErrorLogDatabaseOracle.GetMostRecentItem(String p_ApplicationServer, String systemName) at .Infrastructure.Services.LogArchiver.LogArchiverServiceWorker.ArchiveEntries()

*replaced original server details with

Thanks

ddpbsd commented 6 years ago

Are you trying to ignore those messages, or investigate them?

TriciaE66 commented 6 years ago

We didn't get the messages until we did the Windows agent upgrade. If you have any idea of the cause of it, this would help in that decision; however, we think it is purely log driven, so we are looking at ignoring the messages...

TriciaE66 commented 6 years ago

Any help with ignoring this alert would be appreciated. It comes up as ossec: Alert Level: 2 - Rule: 1002 - Unknown problem somewhere in the system.
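
A narrowly scoped suppression for the alert described in this thread, written as an added example (not from the thread participants or the OSSEC project). It is a child rule of 1002 for the manager's `rules/local_rules.xml`; the rule id 100100 and the group name are assumptions, and the two match strings are taken from the log lines quoted above.

```xml
<!-- Added example, not from the original thread. -->
<!-- Assumption: id 100100 is unused in your local rule range (100000 and up). -->
<group name="local,syslog,">

  <!--
    Child of rule 1002 ("Unknown problem somewhere in the system").
    Level 0 tells OSSEC to ignore the event instead of alerting.
    <match> and <regex> must BOTH hit, so only ORA-12170 timeouts
    logged by LogArchiverService are silenced. Any other message from
    that service, or ORA-12170 from another source, still raises 1002.
  -->
  <rule id="100100" level="0">
    <if_sid>1002</if_sid>
    <match>LogArchiverService</match>
    <regex>ORA-12170</regex>
    <description>Ignore LogArchiverService Oracle connect timeouts (ORA-12170).</description>
  </rule>

</group>
```

Pasting one of the quoted log lines into `ossec-logtest` on the manager shows whether the child rule fires in place of 1002 before the manager is restarted.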