Is anyone else getting a lot of "Attack" messages in /var/log/messages on a Splunk forwarder server?

sangjaeju
New Member

In /var/log/messages, there are a lot of "Attack" messages.
I guess they were generated by the SNMP config.

Have you experienced anything like this? How can I stop or prevent it?

== snmp_ta app in splunk forwarder server
/apps/snmp_ta/local/inputs.conf

== /var/log/messages in splunk forwarder server
011SNMPv2-SMI::enterprises.8103.1.5 = STRING: "44826"#011SNMPv2-SMI::enterprises.8103.1.6 = STRING: **"Attack Web SQLInjection(error message).C"**#011SNMPv2-SMI::enterprises.8103.1.7 = STRING: "..."#011SNMPv2-SMI::enterprises.8103.1.8 = STRING: "2018/05/13 10:45:53"#011SNMPv2-SMI::enterprises.8103.1.9 = STRING: "Alarm"#011SNMPv2-SMI::enterprises.8103.1.10 = STRING: "Protocol=[TCP], SNIPER_ID=[400], Risk=[Low], HackType[01100], HackCount=[1], EndDate=[]"


"#011SNMPv2-SMI::enterprises.8103.1.5 = STRING: "80"#011SNMPv2-SMI::enterprises.8103.1.6 = STRING: **"Directory Traversal Attack(/../../../)"**#011SNMPv2-SMI::enterprises.8103.1.7 = STRING: "..."#011SNMPv2-SMI::enterprises.8103.1.8 