wazuh-ruleset
Add aruba rules and decoders
Added Aruba decoders. Aruba is the OS used by HP network devices, for example. Logs taken from an HP 2920 switch via syslog:
{"timestamp":"2018-10-02T00:46:26.831+1000","agent":{"id":"000","name":"ip-10-160-16-14"},"manager":{"name":"somename"},"id":"1538405186.2295","cluster":{"name":"wazuh-cluster","node":"node01"},"full_log":" Oct 2 00:46:26 1.2.3.4 00435 ports: port 7 is Blocked by STP\n","decoder":{},"location":"1.1.1.1"}
Sep 27 10:55:32 1.1.1.1 00077 ports: port 3 is now off-line
**Phase 1: Completed pre-decoding.
full event: ' Sep 27 10:55:32 1.1.1.1 00077 ports: port 3 is now off-line'
timestamp: '(null)'
hostname: 'manager1'
program_name: '(null)'
log: ' Sep 27 10:55:32 1.1.1.1 00077 ports: port 3 is now off-line'
**Phase 2: Completed decoding.
decoder: 'aruba'
srcip: '1.1.1.1'
id: '00077'
event_type: 'ports'
srcport: '3'
status: 'now off-line'
**Phase 3: Completed filtering (rules).
Rule id: '700007'
Level: '3'
Description: 'Aruba ports log: Port now off-line.'
**Alert to be generated.
Sep 27 10:48:29 1.2.3.4 02631 SNTP: Server not found at 1.1.1.1.
**Phase 1: Completed pre-decoding.
full event: ' Sep 27 10:48:29 10.150.112.4 02631 SNTP: Server not found at 1.1.1.1.'
timestamp: '(null)'
hostname: 'manager1'
program_name: '(null)'
log: ' Sep 27 10:48:29 1.2.3.4 02631 SNTP: Server not found at 1.1.1.1.'
**Phase 2: Completed decoding.
decoder: 'aruba'
srcip: '1.2.3.4'
id: '02631'
event_type: 'SNTP'
action: ' Server not found at 1.1.1.1.'
**Phase 3: Completed filtering (rules).
Rule id: '700003'
Level: '3'
Description: 'Aruba SNTP log: Server not found.'
**Alert to be generated.
Hi @frgv @migruiz4, this PR is failing due to the following error in the ossec.log:
2018/12/24 17:41:38 ossec-analysisd: CRITICAL: rules_list: Signature ID '700000' not found. Invalid 'if_sid'.
It seems that the installation fails at some point. We would appreciate it if you could fix the error, thanks. Here is some of the logging I captured:
Ruleset installation log:
"### Wazuh ruleset ###",
"",
"The following rules will be updated:",
"\t0010-rules_config.xml",
"\t0015-ossec_rules.xml",
"\t0016-wazuh_rules.xml",
"\t0020-syslog_rules.xml",
"\t0025-sendmail_rules.xml",
"\t0030-postfix_rules.xml",
"\t0035-spamd_rules.xml",
"\t0040-imapd_rules.xml",
"\t0045-mailscanner_rules.xml",
"\t0050-ms-exchange_rules.xml",
"\t0055-courier_rules.xml",
"\t0060-firewall_rules.xml",
"\t0065-pix_rules.xml",
"\t0070-netscreenfw_rules.xml",
"\t0075-cisco-ios_rules.xml",
"\t0080-sonicwall_rules.xml",
"\t0085-pam_rules.xml",
"\t0090-telnetd_rules.xml",
"\t0095-sshd_rules.xml",
"\t0100-solaris_bsm_rules.xml",
"\t0105-asterisk_rules.xml",
"\t0110-ms_dhcp_rules.xml",
"\t0115-arpwatch_rules.xml",
"\t0120-symantec-av_rules.xml",
"\t0125-symantec-ws_rules.xml",
"\t0130-trend-osce_rules.xml",
"\t0135-hordeimp_rules.xml",
"\t0140-roundcube_rules.xml",
"\t0145-wordpress_rules.xml",
"\t0150-cimserver_rules.xml",
"\t0155-dovecot_rules.xml",
"\t0160-vmpop3d_rules.xml",
"\t0165-vpopmail_rules.xml",
"\t0170-ftpd_rules.xml",
"\t0175-proftpd_rules.xml",
"\t0180-pure-ftpd_rules.xml",
"\t0185-vsftpd_rules.xml",
"\t0190-ms_ftpd_rules.xml",
"\t0195-named_rules.xml",
"\t0200-smbd_rules.xml",
"\t0205-racoon_rules.xml",
"\t0210-vpn_concentrator_rules.xml",
"\t0215-policy_rules.xml",
"\t0220-msauth_rules.xml",
"\t0225-mcafee_av_rules.xml",
"\t0230-ms-se_rules.xml",
"\t0235-vmware_rules.xml",
"\t0240-ids_rules.xml",
"\t0245-web_rules.xml",
"\t0250-apache_rules.xml",
"\t0255-zeus_rules.xml",
"\t0260-nginx_rules.xml",
"\t0265-php_rules.xml",
"\t0270-web_appsec_rules.xml",
"\t0275-squid_rules.xml",
"\t0280-attack_rules.xml",
"\t0285-systemd_rules.xml",
"\t0290-firewalld_rules.xml",
"\t0295-mysql_rules.xml",
"\t0300-postgresql_rules.xml",
"\t0305-dropbear_rules.xml",
"\t0310-openbsd_rules.xml",
"\t0315-apparmor_rules.xml",
"\t0320-clam_av_rules.xml",
"\t0325-opensmtpd_rules.xml",
"\t0330-sysmon_rules.xml",
"\t0335-unbound_rules.xml",
"\t0340-puppet_rules.xml",
"\t0345-netscaler_rules.xml",
"\t0350-amazon_rules.xml",
"\t0360-serv-u_rules.xml",
"\t0365-auditd_rules.xml",
"\t0375-usb_rules.xml",
"\t0380-redis_rules.xml",
"\t0385-oscap_rules.xml",
"\t0390-fortigate_rules.xml",
"\t0395-hp_rules.xml",
"\t0400-openvpn_rules.xml",
"\t0405-rsa-auth-manager_rules.xml",
"\t0410-imperva_rules.xml",
"\t0415-sophos_rules.xml",
"\t0420-freeipa_rules.xml",
"\t0425-cisco-estreamer_rules.xml",
"\t0430-ms_wdefender_rules.xml",
"\t0435-ms_logs_rules.xml",
"\t0440-ms_sqlserver_rules.xml",
"\t0445-identity_guard_rules.xml",
"\t0450-mongodb_rules.xml",
"\t0455-docker_rules.xml",
"\t0460-jenkins_rules.xml",
"\t0470-vshell_rules.xml",
"\t0475-suricata_rules.xml",
"\t0480-qualysguard_rules.xml",
"\t0485-cylance_rules.xml",
"\t0490-virustotal_rules.xml",
"\t0495-proxmox-ve_rules.xml",
"\t0500-owncloud_rules.xml",
"\t0505-vuls_rules.xml",
"\t0510-ciscat_rules.xml",
"\t0515-exim_rules.xml",
"\t0520-vulnerability-detector.xml",
"\t0525-openvas_rules.xml",
"\t0530-mysql_audit_rules.xml",
"\t0535-mariadb_rules.xml",
"\t0540-pfsense_rules.xml",
"\t0545-osquery_rules.xml",
"\t0550-kaspersky_rules.xml",
"\t0555-azure_rules.xml",
"\t0560-docker_integration_rules.xml",
"\t0565-aruba_rules.xml",
"",
"The following rootchecks will be updated:",
"\tcis_apache2224_rcl.txt",
"\tcis_debian_linux_rcl.txt",
"\tcis_mysql5-6_community_rcl.txt",
"\tcis_mysql5-6_enterprise_rcl.txt",
"\tcis_rhel5_linux_rcl.txt",
"\tcis_rhel6_linux_rcl.txt",
"\tcis_rhel7_linux_rcl.txt",
"\tcis_rhel_linux_rcl.txt",
"\tcis_sles11_linux_rcl.txt",
"\tcis_sles12_linux_rcl.txt",
"\tcis_win2012r2_domainL1_rcl.txt",
"\tcis_win2012r2_domainL2_rcl.txt",
"\tcis_win2012r2_memberL1_rcl.txt",
"\tcis_win2012r2_memberL2_rcl.txt",
"\trootkit_files.txt",
"\trootkit_trojans.txt",
"\tsystem_audit_rcl.txt",
"\tsystem_audit_ssh.txt",
"\twin_applications_rcl.txt",
"\twin_audit_rcl.txt",
"\twin_malware_rcl.txt",
"",
"The following decoders will be updated:",
"\t0005-wazuh_decoders.xml",
"\t0006-json_decoders.xml",
"\t0010-active-response_decoders.xml",
"\t0015-aix-ipsec_decoders.xml",
"\t0025-apache_decoders.xml",
"\t0030-arpwatch_decoders.xml",
"\t0035-asterisk_decoders.xml",
"\t0040-auditd_decoders.xml",
"\t0045-barracuda_decoders.xml",
"\t0050-checkpoint_decoders.xml",
"\t0055-cimserver_decoders.xml",
"\t0060-cisco-estreamer_decoders.xml",
"\t0065-cisco-ios_decoders.xml",
"\t0070-cisco-vpn_decoders.xml",
"\t0075-clamav_decoders.xml",
"\t0080-courier_decoders.xml",
"\t0085-dovecot_decoders.xml",
"\t0090-dragon-nids_decoders.xml",
"\t0095-dropbear_decoders.xml",
"\t0100-fortigate_decoders.xml",
"\t0105-freeipa_decoders.xml",
"\t0110-ftpd_decoders.xml",
"\t0115-grandstream_decoders.xml",
"\t0120-horde_decoders.xml",
"\t0125-hp_decoders.xml",
"\t0130-imapd_decoossec-analysisd: Configuration error. Exiting",
"ders.xml",
"\t0135-imperva_decoders.xml",
"\t0140-kernel_decoders.xml",
"\t0145-mailscanner_decoders.xml",
"\t0150-mysql_decoders.xml",
"\t0155-named_decoders.xml",
"\t0160-netscaler_decoders.xml",
"\t0165-netscreen_decoders.xml",
"\t0170-nginx_decoders.xml",
"\t0175-ntpd_decoders.xml",
"\t0180-openbsd_decoders.xml",
"\t0185-openldap_decoders.xml",
"\t0190-openvpn_decoders.xml",
"\t0195-oscap_decoders.xml",
"\t0200-ossec_decoders.xml",
"\t0205-pam_decoders.xml",
"\t0210-pix_decoders.xml",
"\t0215-portsentry_decoders.xml",
"\t0220-postfix_decoders.xml",
"\t0225-postgresql_decoders.xml",
"\t0230-proftpd_decoders.xml",
"\t0235-puppet_decoders.xml",
"\t0240-pure-ftpd_decoders.xml",
"\t0245-racoon_decoders.xml",
"\t0250-redis_decoders.xml",
"\t0255-roundcube_decoders.xml",
"\t0260-rsa-auth-manager_decoders.xml",
"\t0265-rshd_decoders.xml",
"\t0270-samba_decoders.xml",
"\t0275-sendmail_decoders.xml",
"\t0280-serv-u_decoders.xml",
"\t0285-snort_decoders.xml",
"\t0290-solaris_decoders.xml",
"\t0295-sonicwall_decoders.xml",
"\t0300-sophos_decoders.xml",
"\t0305-squid_decoders.xml",
"\t0310-ssh_decoders.xml",
"\t0315-su_decoders.xml",
"\t0320-sudo_decoders.xml",
"\t0325-suhosin_decoders.xml",
"\t0330-symantec_decoders.xml",
"\t0335-telnet_decoders.xml",
"\t0340-trend-osce_decoders.xml",
"\t0345-unbound_decoders.xml",
"\t0350-unix_decoders.xml",
"\t0355-vm-pop3_decoders.xml",
"\t0360-vmware_decoders.xml",
"\t0365-vpopmail_decoders.xml",
"\t0370-vsftpd_decoders.xml",
"\t0375-web-accesslog_decoders.xml",
"\t0378-mariadb_decoders.xml",
"\t0379-dpkg_decoders.xml",
"\t0380-windows_decoders.xml",
"\t0385-wordpress_decoders.xml",
"\t0390-zeus_decoders.xml",
"\t0395-sqlserver_decoders.xml",
"\t0400-identity_guard_decoders.xml",
"\t0405-mongodb_decoders.xml",
"\t0410-docker_decoders.xml",
"\t0415-jenkins_decoders.xml",
"\t0420-vshell_decoders.xml",
"\t0425-qualysguard_decoders.xml",
"\t0430-cylance_decoders.xml",
"\t0435-owncloud_decoders.xml",
"\t0440-proxmox-ve_decoders.xml",
"\t0445-exim_decoders.xml",
"\t0450-openvas_decoders.xml",
"\t0455-pfsense_decoders.xml",
"\t0460-kaspersky_decoders.xml",
"\t0465-azure_decoders.xml",
"\t0470-aruba_decoders.xml",
"",
"OSSEC requires a restart to apply changes.",
"ERROR: OSSEC restart failed"
Ossec.log
"2018/12/24 17:40:49 ossec-testrule: INFO: Started (pid: 1092).",
"2018/12/24 17:40:50 wazuh-db: INFO: Started (pid: 1136).",
"2018/12/24 17:40:50 ossec-execd: INFO: Started (pid: 1150).",
"2018/12/24 17:40:50 ossec-analysisd: INFO: Reading decoder file ruleset/decoders/0005-wazuh_decoders.xml.",
"2018/12/24 17:40:50 ossec-analysisd: INFO: Reading decoder file ruleset/decoders/0006-json_decoders.xml.",
"2018/12/24 17:40:50 ossec-analysisd: INFO: Reading decoder file ruleset/decoders/0010-active-response_decoders.xml.",
"2018/12/24 17:40:50 ossec-analysisd: INFO: Reading decoder file ruleset/decoders/0015-aix-ipsec_decoders.xml.",
"2018/12/24 17:40:50 ossec-analysisd: INFO: Reading decoder file ruleset/decoders/0025-apache_decoders.xml.",
"2018/12/24 17:40:50 ossec-analysisd: INFO: Reading decoder file ruleset/decoders/0030-arpwatch_decoders.xml.",
"2018/12/24 17:40:50 ossec-analysisd: INFO: Reading decoder file ruleset/decoders/0035-asterisk_decoders.xml.",
"2018/12/24 17:40:50 ossec-analysisd: INFO: Reading decoder file ruleset/decoders/0040-auditd_decoders.xml.",
"2018/12/24 17:40:50 ossec-analysisd: INFO: Reading decoder file ruleset/decoders/0045-barracuda_decoders.xml.",
"2018/12/24 17:40:50 ossec-analysisd: INFO: Reading decoder file ruleset/decoders/0050-checkpoint_decoders.xml.",
"2018/12/24 17:40:50 ossec-analysisd: INFO: Reading decoder file ruleset/decoders/0055-cimserver_decoders.xml.",
"2018/12/24 17:40:50 ossec-analysisd: INFO: Reading decoder file ruleset/decoders/0060-cisco-estreamer_decoders.xml.",
"2018/12/24 17:40:50 ossec-analysisd: INFO: Reading decoder file ruleset/decoders/0065-cisco-ios_decoders.xml.",
"2018/12/24 17:40:50 ossec-analysisd: INFO: Reading decoder file ruleset/decoders/0070-cisco-vpn_decoders.xml.",
"2018/12/24 17:40:50 ossec-analysisd: INFO: Reading decoder file ruleset/decoders/0075-clamav_decoders.xml.",
"2018/12/24 17:40:50 ossec-analysisd: INFO: Reading decoder file ruleset/decoders/0080-courier_decoders.xml.",
"2018/12/24 17:40:50 ossec-analysisd: INFO: Reading decoder file ruleset/decoders/0085-dovecot_decoders.xml.",
"2018/12/24 17:40:50 ossec-analysisd: INFO: Reading decoder file ruleset/decoders/0090-dragon-nids_decoders.xml.",
"2018/12/24 17:40:50 ossec-analysisd: INFO: Reading decoder file ruleset/decoders/0095-dropbear_decoders.xml.",
"2018/12/24 17:40:50 ossec-analysisd: INFO: Reading decoder file ruleset/decoders/0100-fortigate_decoders.xml.",
"2018/12/24 17:40:50 ossec-analysisd: INFO: Reading decoder file ruleset/decoders/0105-freeipa_decoders.xml.",
"2018/12/24 17:40:50 ossec-analysisd: INFO: Reading decoder file ruleset/decoders/0110-ftpd_decoders.xml.",
"2018/12/24 17:40:50 ossec-analysisd: INFO: Reading decoder file ruleset/decoders/0115-grandstream_decoders.xml.",
"2018/12/24 17:40:50 ossec-analysisd: INFO: Reading decoder file ruleset/decoders/0120-horde_decoders.xml.",
"2018/12/24 17:40:50 ossec-analysisd: INFO: Reading decoder file ruleset/decoders/0125-hp_decoders.xml.",
"2018/12/24 17:40:50 ossec-analysisd: INFO: Reading decoder file ruleset/decoders/0130-imapd_decoders.xml.",
"2018/12/24 17:40:50 ossec-analysisd: INFO: Reading decoder file ruleset/decoders/0135-imperva_decoders.xml.",
"2018/12/24 17:40:50 ossec-analysisd: INFO: Reading decoder file ruleset/decoders/0140-kernel_decoders.xml.",
"2018/12/24 17:40:50 ossec-analysisd: INFO: Reading decoder file ruleset/decoders/0145-mailscanner_decoders.xml.",
"2018/12/24 17:40:50 ossec-analysisd: INFO: Reading decoder file ruleset/decoders/0150-mysql_decoders.xml.",
"2018/12/24 17:40:50 ossec-analysisd: INFO: Reading decoder file ruleset/decoders/0155-named_decoders.xml.",
"2018/12/24 17:40:50 ossec-analysisd: INFO: Reading decoder file ruleset/decoders/0160-netscaler_decoders.xml.",
"2018/12/24 17:40:50 ossec-analysisd: INFO: Reading decoder file ruleset/decoders/0165-netscreen_decoders.xml.",
"2018/12/24 17:40:50 ossec-analysisd: INFO: Reading decoder file ruleset/decoders/0170-nginx_decoders.xml.",
"2018/12/24 17:40:50 ossec-analysisd: INFO: Reading decoder file ruleset/decoders/0175-ntpd_decoders.xml.",
"2018/12/24 17:40:50 ossec-analysisd: INFO: Reading decoder file ruleset/decoders/0180-openbsd_decoders.xml.",
"2018/12/24 17:40:50 ossec-analysisd: INFO: Reading decoder file ruleset/decoders/0185-openldap_decoders.xml.",
"2018/12/24 17:40:50 ossec-analysisd: INFO: Reading decoder file ruleset/decoders/0190-openvpn_decoders.xml.",
"2018/12/24 17:40:50 ossec-analysisd: INFO: Reading decoder file ruleset/decoders/0195-oscap_decoders.xml.",
"2018/12/24 17:40:50 ossec-remoted: INFO: Started (pid: 1167).",
"2018/12/24 17:40:50 ossec-remoted: INFO: Started (pid: 1168).",
"2018/12/24 17:40:50 ossec-analysisd: INFO: Reading decoder file ruleset/decoders/0200-ossec_decoders.xml.",
"2018/12/24 17:40:50 ossec-analysisd: INFO: Reading decoder file ruleset/decoders/0205-pam_decoders.xml.",
"2018/12/24 17:40:50 ossec-analysisd: INFO: Reading decoder file ruleset/decoders/0210-pix_decoders.xml.",
"2018/12/24 17:40:50 ossec-analysisd: INFO: Reading decoder file ruleset/decoders/0215-portsentry_decoders.xml.",
"2018/12/24 17:40:50 ossec-analysisd: INFO: Reading decoder file ruleset/decoders/0220-postfix_decoders.xml.",
"2018/12/24 17:40:50 ossec-analysisd: INFO: Reading decoder file ruleset/decoders/0225-postgresql_decoders.xml.",
"2018/12/24 17:40:50 ossec-analysisd: INFO: Reading decoder file ruleset/decoders/0230-proftpd_decoders.xml.",
"2018/12/24 17:40:50 ossec-analysisd: INFO: Reading decoder file ruleset/decoders/0235-puppet_decoders.xml.",
"2018/12/24 17:40:50 ossec-analysisd: INFO: Reading decoder file ruleset/decoders/0240-pure-ftpd_decoders.xml.",
"2018/12/24 17:40:50 ossec-analysisd: INFO: Reading decoder file ruleset/decoders/0245-racoon_decoders.xml.",
"2018/12/24 17:40:50 ossec-analysisd: INFO: Reading decoder file ruleset/decoders/0250-redis_decoders.xml.",
"2018/12/24 17:40:50 ossec-analysisd: INFO: Reading decoder file ruleset/decoders/0255-roundcube_decoders.xml.",
"2018/12/24 17:40:50 ossec-analysisd: INFO: Reading decoder file ruleset/decoders/0260-rsa-auth-manager_decoders.xml.",
"2018/12/24 17:40:50 ossec-analysisd: INFO: Reading decoder file ruleset/decoders/0265-rshd_decoders.xml.",
"2018/12/24 17:40:50 ossec-analysisd: INFO: Reading decoder file ruleset/decoders/0270-samba_decoders.xml.",
"2018/12/24 17:40:50 ossec-analysisd: INFO: Reading decoder file ruleset/decoders/0275-sendmail_decoders.xml.",
"2018/12/24 17:40:50 ossec-analysisd: INFO: Reading decoder file ruleset/decoders/0280-serv-u_decoders.xml.",
"2018/12/24 17:40:50 ossec-analysisd: INFO: Reading decoder file ruleset/decoders/0285-snort_decoders.xml.",
"2018/12/24 17:40:50 ossec-analysisd: INFO: Reading decoder file ruleset/decoders/0290-solaris_decoders.xml.",
"2018/12/24 17:40:50 ossec-analysisd: INFO: Reading decoder file ruleset/decoders/0295-sonicwall_decoders.xml.",
"2018/12/24 17:40:50 ossec-analysisd: INFO: Reading decoder file ruleset/decoders/0300-sophos_decoders.xml.",
"2018/12/24 17:40:50 ossec-analysisd: INFO: Reading decoder file ruleset/decoders/0305-squid_decoders.xml.",
"2018/12/24 17:40:50 ossec-analysisd: INFO: Reading decoder file ruleset/decoders/0310-ssh_decoders.xml.",
"2018/12/24 17:40:50 ossec-analysisd: INFO: Reading decoder file ruleset/decoders/0315-su_decoders.xml.",
"2018/12/24 17:40:50 ossec-analysisd: INFO: Reading decoder file ruleset/decoders/0320-sudo_decoders.xml.",
"2018/12/24 17:40:50 ossec-analysisd: INFO: Reading decoder file ruleset/decoders/0325-suhosin_decoders.xml.",
"2018/12/24 17:40:50 ossec-analysisd: INFO: Reading decoder file ruleset/decoders/0330-symantec_decoders.xml.",
"2018/12/24 17:40:50 ossec-analysisd: INFO: Reading decoder file ruleset/decoders/0335-telnet_decoders.xml.",
"2018/12/24 17:40:50 ossec-analysisd: INFO: Reading decoder file ruleset/decoders/0340-trend-osce_decoders.xml.",
"2018/12/24 17:40:50 ossec-analysisd: INFO: Reading decoder file ruleset/decoders/0345-unbound_decoders.xml.",
"2018/12/24 17:40:50 ossec-analysisd: INFO: Reading decoder file ruleset/decoders/0350-unix_decoders.xml.",
"2018/12/24 17:40:50 ossec-analysisd: INFO: Reading decoder file ruleset/decoders/0355-vm-pop3_decoders.xml.",
"2018/12/24 17:40:50 ossec-analysisd: INFO: Reading decoder file ruleset/decoders/0360-vmware_decoders.xml.",
"2018/12/24 17:40:50 ossec-analysisd: INFO: Reading decoder file ruleset/decoders/0365-vpopmail_decoders.xml.",
"2018/12/24 17:40:50 ossec-analysisd: INFO: Reading decoder file ruleset/decoders/0370-vsftpd_decoders.xml.",
"2018/12/24 17:40:50 ossec-analysisd: INFO: Reading decoder file ruleset/decoders/0375-web-accesslog_decoders.xml.",
"2018/12/24 17:40:50 ossec-analysisd: INFO: Reading decoder file ruleset/decoders/0378-mariadb_decoders.xml.",
"2018/12/24 17:40:50 ossec-analysisd: INFO: Reading decoder file ruleset/decoders/0379-dpkg_decoders.xml.",
"2018/12/24 17:40:50 ossec-monitord: INFO: Started (pid: 1190).",
"2018/12/24 17:40:50 ossec-analysisd: INFO: Reading decoder file ruleset/decoders/0380-windows_decoders.xml.",
"2018/12/24 17:40:50 ossec-analysisd: INFO: Reading decoder file ruleset/decoders/0385-wordpress_decoders.xml.",
"2018/12/24 17:40:50 ossec-analysisd: INFO: Reading decoder file ruleset/decoders/0390-zeus_decoders.xml.",
"2018/12/24 17:40:50 ossec-analysisd: INFO: Reading decoder file ruleset/decoders/0395-sqlserver_decoders.xml.",
"2018/12/24 17:40:50 ossec-analysisd: INFO: Reading decoder file ruleset/decoders/0400-identity_guard_decoders.xml.",
"2018/12/24 17:40:50 ossec-analysisd: INFO: Reading decoder file ruleset/decoders/0405-mongodb_decoders.xml.",
"2018/12/24 17:40:50 ossec-analysisd: INFO: Reading decoder file ruleset/decoders/0410-docker_decoders.xml.",
"2018/12/24 17:40:50 ossec-analysisd: INFO: Reading decoder file ruleset/decoders/0415-jenkins_decoders.xml.",
"2018/12/24 17:40:50 ossec-analysisd: INFO: Reading decoder file ruleset/decoders/0420-vshell_decoders.xml.",
"2018/12/24 17:40:50 ossec-analysisd: INFO: Reading decoder file ruleset/decoders/0425-qualysguard_decoders.xml.",
"2018/12/24 17:40:50 ossec-analysisd: INFO: Reading decoder file ruleset/decoders/0430-cylance_decoders.xml.",
"2018/12/24 17:40:50 ossec-analysisd: INFO: Reading decoder file ruleset/decoders/0435-owncloud_decoders.xml.",
"2018/12/24 17:40:50 ossec-analysisd: INFO: Reading decoder file ruleset/decoders/0440-proxmox-ve_decoders.xml.",
"2018/12/24 17:40:50 ossec-analysisd: INFO: Reading decoder file ruleset/decoders/0445-exim_decoders.xml.",
"2018/12/24 17:40:50 ossec-analysisd: INFO: Reading decoder file ruleset/decoders/0450-openvas_decoders.xml.",
"2018/12/24 17:40:50 ossec-analysisd: INFO: Reading decoder file ruleset/decoders/0455-pfsense_decoders.xml.",
"2018/12/24 17:40:50 ossec-analysisd: INFO: Reading decoder file ruleset/decoders/0460-kaspersky_decoders.xml.",
"2018/12/24 17:40:50 ossec-analysisd: INFO: Reading decoder file ruleset/decoders/0465-azure_decoders.xml.",
"2018/12/24 17:40:50 ossec-analysisd: INFO: Reading decoder file etc/decoders/local_decoder.xml.",
"2018/12/24 17:40:50 ossec-analysisd: INFO: Reading loading the lists file: 'etc/lists/audit-keys'",
"2018/12/24 17:40:50 ossec-analysisd: INFO: Reading loading the lists file: 'etc/lists/amazon/aws-sources'",
"2018/12/24 17:40:50 ossec-analysisd: INFO: Reading loading the lists file: 'etc/lists/amazon/aws-eventnames'",
"2018/12/24 17:40:50 ossec-analysisd: INFO: Reading rules file: 'ruleset/rules/0010-rules_config.xml'",
"2018/12/24 17:40:50 ossec-analysisd: INFO: Reading rules file: 'ruleset/rules/0015-ossec_rules.xml'",
"2018/12/24 17:40:50 ossec-analysisd: INFO: Reading rules file: 'ruleset/rules/0016-wazuh_rules.xml'",
"2018/12/24 17:40:50 wazuh-modulesd: INFO: Process started.",
"2018/12/24 17:40:50 ossec-analysisd: INFO: Reading rules file: 'ruleset/rules/0020-syslog_rules.xml'",
"2018/12/24 17:40:50 ossec-analysisd: INFO: Reading rules file: 'ruleset/rules/0025-sendmail_rules.xml'",
"2018/12/24 17:40:50 ossec-analysisd: INFO: Reading rules file: 'ruleset/rules/0030-postfix_rules.xml'",
"2018/12/24 17:40:50 wazuh-modulesd:oscap: INFO: Module disabled. Exiting...",
"2018/12/24 17:40:50 wazuh-modulesd:ciscat: INFO: Module disabled. Exiting...",
"2018/12/24 17:40:50 wazuh-modulesd:osquery: INFO: Module disabled. Exiting...",
"2018/12/24 17:40:50 wazuh-modulesd:database: INFO: Module started.",
"2018/12/24 17:40:50 wazuh-modulesd:download: INFO: Module started",
"2018/12/24 17:40:50 ossec-analysisd: INFO: Reading rules file: 'ruleset/rules/0035-spamd_rules.xml'",
"2018/12/24 17:40:50 ossec-analysisd: INFO: Reading rules file: 'ruleset/rules/0040-imapd_rules.xml'",
"2018/12/24 17:40:50 ossec-analysisd: INFO: Reading rules file: 'ruleset/rules/0045-mailscanner_rules.xml'",
"2018/12/24 17:40:50 ossec-analysisd: INFO: Reading rules file: 'ruleset/rules/0050-ms-exchange_rules.xml'",
"2018/12/24 17:40:50 ossec-analysisd: INFO: Reading rules file: 'ruleset/rules/0055-courier_rules.xml'",
"2018/12/24 17:40:50 ossec-analysisd: INFO: Reading rules file: 'ruleset/rules/0060-firewall_rules.xml'",
"2018/12/24 17:40:50 ossec-analysisd: INFO: Reading rules file: 'ruleset/rules/0065-pix_rules.xml'",
"2018/12/24 17:40:50 ossec-analysisd: INFO: Reading rules file: 'ruleset/rules/0070-netscreenfw_rules.xml'",
"2018/12/24 17:40:50 ossec-analysisd: INFO: Reading rules file: 'ruleset/rules/0075-cisco-ios_rules.xml'",
"2018/12/24 17:40:50 ossec-analysisd: INFO: Reading rules file: 'ruleset/rules/0080-sonicwall_rules.xml'",
"2018/12/24 17:40:50 ossec-analysisd: INFO: Reading rules file: 'ruleset/rules/0085-pam_rules.xml'",
"2018/12/24 17:40:50 ossec-analysisd: INFO: Reading rules file: 'ruleset/rules/0090-telnetd_rules.xml'",
"2018/12/24 17:40:50 ossec-analysisd: INFO: Reading rules file: 'ruleset/rules/0095-sshd_rules.xml'",
"2018/12/24 17:40:50 ossec-analysisd: INFO: Reading rules file: 'ruleset/rules/0100-solaris_bsm_rules.xml'",
"2018/12/24 17:40:50 ossec-analysisd: INFO: Reading rules file: 'ruleset/rules/0105-asterisk_rules.xml'",
"2018/12/24 17:40:50 ossec-analysisd: INFO: Reading rules file: 'ruleset/rules/0110-ms_dhcp_rules.xml'",
"2018/12/24 17:40:50 ossec-analysisd: INFO: Reading rules file: 'ruleset/rules/0115-arpwatch_rules.xml'",
"2018/12/24 17:40:50 ossec-analysisd: INFO: Reading rules file: 'ruleset/rules/0120-symantec-av_rules.xml'",
"2018/12/24 17:40:50 ossec-analysisd: INFO: Reading rules file: 'ruleset/rules/0125-symantec-ws_rules.xml'",
"2018/12/24 17:40:50 ossec-analysisd: INFO: Reading rules file: 'ruleset/rules/0130-trend-osce_rules.xml'",
"2018/12/24 17:40:50 ossec-analysisd: INFO: Reading rules file: 'ruleset/rules/0135-hordeimp_rules.xml'",
"2018/12/24 17:40:50 ossec-analysisd: INFO: Reading rules file: 'ruleset/rules/0140-roundcube_rules.xml'",
"2018/12/24 17:40:50 ossec-analysisd: INFO: Reading rules file: 'ruleset/rules/0145-wordpress_rules.xml'",
"2018/12/24 17:40:50 ossec-analysisd: INFO: Reading rules file: 'ruleset/rules/0150-cimserver_rules.xml'",
"2018/12/24 17:40:50 ossec-analysisd: INFO: Reading rules file: 'ruleset/rules/0155-dovecot_rules.xml'",
"2018/12/24 17:40:50 ossec-analysisd: INFO: Reading rules file: 'ruleset/rules/0160-vmpop3d_rules.xml'",
"2018/12/24 17:40:50 ossec-analysisd: INFO: Reading rules file: 'ruleset/rules/0165-vpopmail_rules.xml'",
"2018/12/24 17:40:50 ossec-analysisd: INFO: Reading rules file: 'ruleset/rules/0170-ftpd_rules.xml'",
"2018/12/24 17:40:50 ossec-analysisd: INFO: Reading rules file: 'ruleset/rules/0175-proftpd_rules.xml'",
"2018/12/24 17:40:50 ossec-analysisd: INFO: Reading rules file: 'ruleset/rules/0180-pure-ftpd_rules.xml'",
"2018/12/24 17:40:50 ossec-analysisd: INFO: Reading rules file: 'ruleset/rules/0185-vsftpd_rules.xml'",
"2018/12/24 17:40:50 ossec-analysisd: INFO: Reading rules file: 'ruleset/rules/0190-ms_ftpd_rules.xml'",
"2018/12/24 17:40:50 ossec-analysisd: INFO: Reading rules file: 'ruleset/rules/0195-named_rules.xml'",
"2018/12/24 17:40:50 ossec-analysisd: INFO: Reading rules file: 'ruleset/rules/0200-smbd_rules.xml'",
"2018/12/24 17:40:50 ossec-analysisd: INFO: Reading rules file: 'ruleset/rules/0205-racoon_rules.xml'",
"2018/12/24 17:40:50 ossec-analysisd: INFO: Reading rules file: 'ruleset/rules/0210-vpn_concentrator_rules.xml'",
"2018/12/24 17:40:50 ossec-analysisd: INFO: Reading rules file: 'ruleset/rules/0220-msauth_rules.xml'",
"2018/12/24 17:40:50 ossec-analysisd: INFO: Reading rules file: 'ruleset/rules/0225-mcafee_av_rules.xml'",
"2018/12/24 17:40:50 ossec-analysisd: INFO: Reading rules file: 'ruleset/rules/0230-ms-se_rules.xml'",
"2018/12/24 17:40:50 ossec-analysisd: INFO: Reading rules file: 'ruleset/rules/0235-vmware_rules.xml'",
"2018/12/24 17:40:50 ossec-analysisd: INFO: Reading rules file: 'ruleset/rules/0240-ids_rules.xml'",
"2018/12/24 17:40:50 ossec-analysisd: INFO: Reading rules file: 'ruleset/rules/0245-web_rules.xml'",
"2018/12/24 17:40:50 ossec-analysisd: INFO: Reading rules file: 'ruleset/rules/0250-apache_rules.xml'",
"2018/12/24 17:40:50 ossec-analysisd: INFO: Reading rules file: 'ruleset/rules/0255-zeus_rules.xml'",
"2018/12/24 17:40:50 ossec-analysisd: INFO: Reading rules file: 'ruleset/rules/0260-nginx_rules.xml'",
"2018/12/24 17:40:50 ossec-analysisd: INFO: Reading rules file: 'ruleset/rules/0265-php_rules.xml'",
"2018/12/24 17:40:50 ossec-analysisd: INFO: Reading rules file: 'ruleset/rules/0270-web_appsec_rules.xml'",
"2018/12/24 17:40:50 ossec-analysisd: INFO: Reading rules file: 'ruleset/rules/0275-squid_rules.xml'",
"2018/12/24 17:40:50 ossec-analysisd: INFO: Reading rules file: 'ruleset/rules/0280-attack_rules.xml'",
"2018/12/24 17:40:50 ossec-analysisd: INFO: Reading rules file: 'ruleset/rules/0285-systemd_rules.xml'",
"2018/12/24 17:40:50 ossec-analysisd: INFO: Reading rules file: 'ruleset/rules/0290-firewalld_rules.xml'",
"2018/12/24 17:40:50 ossec-analysisd: INFO: Reading rules file: 'ruleset/rules/0295-mysql_rules.xml'",
"2018/12/24 17:40:50 ossec-analysisd: INFO: Reading rules file: 'ruleset/rules/0300-postgresql_rules.xml'",
"2018/12/24 17:40:50 ossec-analysisd: INFO: Reading rules file: 'ruleset/rules/0305-dropbear_rules.xml'",
"2018/12/24 17:40:50 ossec-analysisd: INFO: Reading rules file: 'ruleset/rules/0310-openbsd_rules.xml'",
"2018/12/24 17:40:50 ossec-analysisd: INFO: Reading rules file: 'ruleset/rules/0315-apparmor_rules.xml'",
"2018/12/24 17:40:50 ossec-analysisd: INFO: Reading rules file: 'ruleset/rules/0320-clam_av_rules.xml'",
"2018/12/24 17:40:50 ossec-analysisd: INFO: Reading rules file: 'ruleset/rules/0325-opensmtpd_rules.xml'",
"2018/12/24 17:40:50 ossec-analysisd: INFO: Reading rules file: 'ruleset/rules/0330-sysmon_rules.xml'",
"2018/12/24 17:40:50 ossec-analysisd: INFO: Reading rules file: 'ruleset/rules/0335-unbound_rules.xml'",
"2018/12/24 17:40:50 ossec-analysisd: INFO: Reading rules file: 'ruleset/rules/0340-puppet_rules.xml'",
"2018/12/24 17:40:50 ossec-analysisd: INFO: Reading rules file: 'ruleset/rules/0345-netscaler_rules.xml'",
"2018/12/24 17:40:50 ossec-analysisd: INFO: Reading rules file: 'ruleset/rules/0350-amazon_rules.xml'",
"2018/12/24 17:40:50 ossec-analysisd: INFO: Reading rules file: 'ruleset/rules/0360-serv-u_rules.xml'",
"2018/12/24 17:40:50 ossec-analysisd: INFO: Reading rules file: 'ruleset/rules/0365-auditd_rules.xml'",
"2018/12/24 17:40:50 ossec-analysisd: INFO: Reading rules file: 'ruleset/rules/0375-usb_rules.xml'",
"2018/12/24 17:40:50 ossec-analysisd: INFO: Reading rules file: 'ruleset/rules/0380-redis_rules.xml'",
"2018/12/24 17:40:50 ossec-analysisd: INFO: Reading rules file: 'ruleset/rules/0385-oscap_rules.xml'",
"2018/12/24 17:40:50 ossec-analysisd: INFO: Reading rules file: 'ruleset/rules/0390-fortigate_rules.xml'",
"2018/12/24 17:40:50 ossec-analysisd: INFO: Reading rules file: 'ruleset/rules/0395-hp_rules.xml'",
"2018/12/24 17:40:50 ossec-analysisd: INFO: Reading rules file: 'ruleset/rules/0400-openvpn_rules.xml'",
"2018/12/24 17:40:50 ossec-analysisd: INFO: Reading rules file: 'ruleset/rules/0405-rsa-auth-manager_rules.xml'",
"2018/12/24 17:40:50 ossec-analysisd: INFO: Reading rules file: 'ruleset/rules/0410-imperva_rules.xml'",
"2018/12/24 17:40:50 ossec-analysisd: INFO: Reading rules file: 'ruleset/rules/0415-sophos_rules.xml'",
"2018/12/24 17:40:50 ossec-analysisd: INFO: Reading rules file: 'ruleset/rules/0420-freeipa_rules.xml'",
"2018/12/24 17:40:50 ossec-analysisd: INFO: Reading rules file: 'ruleset/rules/0425-cisco-estreamer_rules.xml'",
"2018/12/24 17:40:50 ossec-analysisd: INFO: Reading rules file: 'ruleset/rules/0430-ms_wdefender_rules.xml'",
"2018/12/24 17:40:50 ossec-analysisd: INFO: Reading rules file: 'ruleset/rules/0435-ms_logs_rules.xml'",
"2018/12/24 17:40:50 ossec-analysisd: INFO: Reading rules file: 'ruleset/rules/0440-ms_sqlserver_rules.xml'",
"2018/12/24 17:40:50 ossec-analysisd: INFO: Reading rules file: 'ruleset/rules/0445-identity_guard_rules.xml'",
"2018/12/24 17:40:50 ossec-analysisd: INFO: Reading rules file: 'ruleset/rules/0450-mongodb_rules.xml'",
"2018/12/24 17:40:50 ossec-analysisd: INFO: Reading rules file: 'ruleset/rules/0455-docker_rules.xml'",
"2018/12/24 17:40:50 ossec-analysisd: INFO: Reading rules file: 'ruleset/rules/0460-jenkins_rules.xml'",
"2018/12/24 17:40:50 ossec-analysisd: INFO: Reading rules file: 'ruleset/rules/0470-vshell_rules.xml'",
"2018/12/24 17:40:50 ossec-analysisd: INFO: Reading rules file: 'ruleset/rules/0475-suricata_rules.xml'",
"2018/12/24 17:40:50 ossec-analysisd: INFO: Reading rules file: 'ruleset/rules/0480-qualysguard_rules.xml'",
"2018/12/24 17:40:50 ossec-analysisd: INFO: Reading rules file: 'ruleset/rules/0485-cylance_rules.xml'",
"2018/12/24 17:40:50 ossec-analysisd: INFO: Reading rules file: 'ruleset/rules/0490-virustotal_rules.xml'",
"2018/12/24 17:40:50 ossec-analysisd: INFO: Reading rules file: 'ruleset/rules/0495-proxmox-ve_rules.xml'",
"2018/12/24 17:40:50 ossec-analysisd: INFO: Reading rules file: 'ruleset/rules/0500-owncloud_rules.xml'",
"2018/12/24 17:40:50 ossec-analysisd: INFO: Reading rules file: 'ruleset/rules/0505-vuls_rules.xml'",
"2018/12/24 17:40:50 ossec-analysisd: INFO: Reading rules file: 'ruleset/rules/0510-ciscat_rules.xml'",
"2018/12/24 17:40:50 ossec-analysisd: INFO: Reading rules file: 'ruleset/rules/0515-exim_rules.xml'",
"2018/12/24 17:40:50 ossec-analysisd: INFO: Reading rules file: 'ruleset/rules/0520-vulnerability-detector.xml'",
"2018/12/24 17:40:50 ossec-analysisd: INFO: Reading rules file: 'ruleset/rules/0525-openvas_rules.xml'",
"2018/12/24 17:40:50 ossec-analysisd: INFO: Reading rules file: 'ruleset/rules/0530-mysql_audit_rules.xml'",
"2018/12/24 17:40:50 ossec-analysisd: INFO: Reading rules file: 'ruleset/rules/0535-mariadb_rules.xml'",
"2018/12/24 17:40:50 ossec-analysisd: INFO: Reading rules file: 'ruleset/rules/0540-pfsense_rules.xml'",
"2018/12/24 17:40:50 ossec-analysisd: INFO: Reading rules file: 'ruleset/rules/0545-osquery_rules.xml'",
"2018/12/24 17:40:50 ossec-analysisd: INFO: Reading rules file: 'ruleset/rules/0550-kaspersky_rules.xml'",
"2018/12/24 17:40:50 ossec-analysisd: INFO: Reading rules file: 'ruleset/rules/0555-azure_rules.xml'",
"2018/12/24 17:40:50 ossec-analysisd: INFO: Reading rules file: 'ruleset/rules/0560-docker_integration_rules.xml'",
"2018/12/24 17:40:50 ossec-analysisd: INFO: Reading rules file: 'etc/rules/local_rules.xml'",
"2018/12/24 17:40:50 ossec-analysisd: INFO: Total rules enabled: '2353'",
"2018/12/24 17:40:50 ossec-analysisd: INFO: Ignoring file: '/etc/mtab'",
"2018/12/24 17:40:50 ossec-analysisd: INFO: Ignoring file: '/etc/hosts.deny'",
"2018/12/24 17:40:50 ossec-analysisd: INFO: Ignoring file: '/etc/mail/statistics'",
"2018/12/24 17:40:50 ossec-analysisd: INFO: Ignoring file: '/etc/random-seed'",
"2018/12/24 17:40:50 ossec-analysisd: INFO: Ignoring file: '/etc/random.seed'",
"2018/12/24 17:40:50 ossec-analysisd: INFO: Ignoring file: '/etc/adjtime'",
"2018/12/24 17:40:50 ossec-analysisd: INFO: Ignoring file: '/etc/httpd/logs'",
"2018/12/24 17:40:50 ossec-analysisd: INFO: Ignoring file: '/etc/utmpx'",
"2018/12/24 17:40:50 ossec-analysisd: INFO: Ignoring file: '/etc/wtmpx'",
"2018/12/24 17:40:50 ossec-analysisd: INFO: Ignoring file: '/etc/cups/certs'",
"2018/12/24 17:40:50 ossec-analysisd: INFO: Ignoring file: '/etc/dumpdates'",
"2018/12/24 17:40:50 ossec-analysisd: INFO: Ignoring file: '/etc/svc/volatile'",
"2018/12/24 17:40:50 ossec-analysisd: INFO: Ignoring file: '/sys/kernel/security'",
"2018/12/24 17:40:50 ossec-analysisd: INFO: Ignoring file: '/sys/kernel/debug'",
"2018/12/24 17:40:50 ossec-analysisd: INFO: Started (pid: 1156).",
"2018/12/24 17:40:51 ossec-logcollector: INFO: Monitoring output of command(360): df -P",
"2018/12/24 17:40:51 ossec-logcollector: INFO: Monitoring full output of command(360): netstat -tulpn | sed 's/\\([[:alnum:]]\\+\\)\\ \\+[[:digit:]]\\+\\ \\+[[:digit:]]\\+\\ \\+\\(.*\\):\\([[:digit:]]*\\)\\ \\+\\([0-9\\.\\:\\*]\\+\\).\\+\\ \\([[:digit:]]*\\/[[:alnum:]\\-]*\\).*/\\1 \\2 == \\3 == \\4 \\5/' | sort -k 4 -g | sed 's/ == \\(.*\\) ==/:\\1/' | sed 1,2d",
"2018/12/24 17:40:51 ossec-logcollector: INFO: Monitoring full output of command(360): last -n 20",
"2018/12/24 17:40:51 ossec-logcollector: INFO: (1950): Analyzing file: '/var/ossec/logs/active-responses.log'.",
"2018/12/24 17:40:51 ossec-logcollector: INFO: Started (pid: 1172).",
"2018/12/24 17:40:51 ossec-remoted: INFO: (4111): Maximum number of agents allowed: '14000'.",
"2018/12/24 17:40:51 ossec-remoted: INFO: (1410): Reading authentication keys file.",
"2018/12/24 17:40:51 wazuh-modulesd:syscollector: INFO: Module started.",
"2018/12/24 17:40:52 wazuh-modulesd:syscollector: INFO: Starting evaluation.",
"2018/12/24 17:40:54 ossec-syscheckd: INFO: Started (pid: 1162).",
"2018/12/24 17:40:54 ossec-syscheckd: INFO: Monitoring directory: '/etc', with options perm | size | owner | group | md5sum | sha1sum | sha256sum | mtime | inode.",
"2018/12/24 17:40:54 ossec-syscheckd: INFO: Monitoring directory: '/usr/bin', with options perm | size | owner | group | md5sum | sha1sum | sha256sum | mtime | inode.",
"2018/12/24 17:40:54 ossec-syscheckd: INFO: Monitoring directory: '/usr/sbin', with options perm | size | owner | group | md5sum | sha1sum | sha256sum | mtime | inode.",
"2018/12/24 17:40:54 ossec-syscheckd: INFO: Monitoring directory: '/bin', with options perm | size | owner | group | md5sum | sha1sum | sha256sum | mtime | inode.",
"2018/12/24 17:40:54 ossec-syscheckd: INFO: Monitoring directory: '/sbin', with options perm | size | owner | group | md5sum | sha1sum | sha256sum | mtime | inode.",
"2018/12/24 17:40:54 ossec-syscheckd: INFO: Monitoring directory: '/boot', with options perm | size | owner | group | md5sum | sha1sum | sha256sum | mtime | inode.",
"2018/12/24 17:40:54 ossec-syscheckd: INFO: Ignoring: '/etc/mtab'",
"2018/12/24 17:40:54 ossec-syscheckd: INFO: Ignoring: '/etc/hosts.deny'",
"2018/12/24 17:40:54 ossec-syscheckd: INFO: Ignoring: '/etc/mail/statistics'",
"2018/12/24 17:40:54 ossec-syscheckd: INFO: Ignoring: '/etc/random-seed'",
"2018/12/24 17:40:54 ossec-syscheckd: INFO: Ignoring: '/etc/random.seed'",
"2018/12/24 17:40:54 ossec-syscheckd: INFO: Ignoring: '/etc/adjtime'",
"2018/12/24 17:40:54 ossec-syscheckd: INFO: Ignoring: '/etc/httpd/logs'",
"2018/12/24 17:40:54 ossec-syscheckd: INFO: Ignoring: '/etc/utmpx'",
"2018/12/24 17:40:54 ossec-syscheckd: INFO: Ignoring: '/etc/wtmpx'",
"2018/12/24 17:40:54 ossec-syscheckd: INFO: Ignoring: '/etc/cups/certs'",
"2018/12/24 17:40:54 ossec-syscheckd: INFO: Ignoring: '/etc/dumpdates'",
"2018/12/24 17:40:54 ossec-syscheckd: INFO: Ignoring: '/etc/svc/volatile'",
"2018/12/24 17:40:54 ossec-syscheckd: INFO: Ignoring: '/sys/kernel/security'",
"2018/12/24 17:40:54 ossec-syscheckd: INFO: Ignoring: '/sys/kernel/debug'",
"2018/12/24 17:40:54 ossec-syscheckd: INFO: No diff for file: '/etc/ssl/private.key'",
"2018/12/24 17:40:54 rootcheck: INFO: Started (pid: 1162).",
"2018/12/24 17:40:55 wazuh-modulesd:syscollector: INFO: Evaluation finished.",
"2018/12/24 17:41:09 ossec-syscheckd: INFO: Syscheck scan frequency: 43200 seconds",
"2018/12/24 17:41:09 ossec-syscheckd: INFO: Starting syscheck scan.",
"2018/12/24 17:41:09 rootcheck: INFO: Starting rootcheck scan.",
"2018/12/24 17:41:09 ossec-authd: INFO: Started (pid: 1412).",
"2018/12/24 17:41:09 ossec-authd: INFO: Accepting connections on port 1515. No password required.",
"2018/12/24 17:41:09 ossec-authd: INFO: Setting network timeout to 1.000000 sec.",
"2018/12/24 17:41:14 ossec-syscheckd: INFO: Starting syscheck database (pre-scan).",
"2018/12/24 17:41:24 rootcheck: INFO: Ending rootcheck scan.",
"2018/12/24 17:41:38 ossec-analysisd: CRITICAL: rules_list: Signature ID '700000' not found. Invalid 'if_sid'.",
"2018/12/24 17:41:38 ossec-syscheckd: WARNING: Cannot open '/boot': No such file or directory ",
"2018/12/24 17:41:38 ossec-syscheckd: INFO: Finished creating syscheck database (pre-scan completed)."
Regards.
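The CRITICAL line in the log above means a rule names a parent in `if_sid` that no loaded rules file defines. The following pre-merge check is an added example, not code from this PR or from the Wazuh project; it reports every unresolved parent id across a set of rule files. The file names, the rule bodies and the `find_dangling_parents` helper are constructed for illustration, and the check assumes the rule files parse as XML once wrapped in a single root element.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample rule files (not the PR's actual rules): the Aruba file
# points at parent rule 700000, which neither file defines.
SAMPLE_FILES = {
    "0010-base_rules.xml": """
<group name="syslog,">
  <rule id="1002" level="2">
    <match>error</match>
    <description>Generic error.</description>
  </rule>
</group>""",
    "0999-aruba_rules.xml": """
<group name="aruba,">
  <rule id="700003" level="3">
    <if_sid>700000</if_sid>
    <description>Aruba SNTP log: Server not found.</description>
  </rule>
  <rule id="700007" level="3">
    <if_sid>700000, 1002</if_sid>
    <description>Aruba ports log: Port now off-line.</description>
  </rule>
</group>""",
}

def parse_rules(text):
    # Rule files hold several top-level <group> elements, so wrap them in a
    # synthetic root to get well-formed XML.
    return ET.fromstring("<root>" + text + "</root>").iter("rule")

def find_dangling_parents(files):
    """Return (file, rule id, tag, missing sid) for every unresolved parent."""
    defined, refs = set(), []
    for name, text in files.items():
        for rule in parse_rules(text):
            defined.add(rule.get("id"))
            for tag in ("if_sid", "if_matched_sid"):
                for el in rule.iter(tag):
                    # One element may list several parents: "700000, 1002"
                    for sid in re.split(r"[,\s]+", (el.text or "").strip()):
                        if sid:
                            refs.append((name, rule.get("id"), tag, sid))
    # Resolve after all files are read so cross-file parents count as defined
    return [ref for ref in refs if ref[3] not in defined]

if __name__ == "__main__":
    for name, rid, tag, sid in find_dangling_parents(SAMPLE_FILES):
        print(f"{name}: rule {rid}: {tag} '{sid}' is not defined in any file")
```

Running a check like this in CI before the manager restarts surfaces the missing parent at review time instead of in `ossec.log`.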