
########################################


N_("msg=\"%s\" subroutine=\"%s\"")}
Severity: err, Class: ERROR
  { MSG_E_SUBGEN,    SH_ERR_ERR,     ERR,   N_("msg=\"%s\" subroutine=\"%s\"")},


############################################################


Messages not logged by the standard log method
==============================================

Where a logging method is needed that is (almost) guaranteed to be
signal-safe and/or to work in an out-of-memory condition (e.g. when
reporting an out-of-memory error or a segfault), the logger command
will be invoked to log to syslog.

If the startup fails, running samhain/yule in the foreground will provide
verbose information about the problem and possible ways to fix it.


Unsorted messages
=================

Some messages have a variable content of the message field, e.g. because they provide messages from some low-level library (libc, oracle) that may vary between OS or library versions.
	

ls -l style file listing | Shows the currently scanned file
Severity: debug, Class: OTHER

   >>>  mode path | Shows linked path for symlink
Severity: debug, Class: OTHER

C library error message with interface = XX | An error occurred in a library function XX. The error message as returned by the C library is given. Messages for chdir(), getgrgid(), getpwuid(), glob(), lstat(), opendir(), readlink(), regcomp(), unlink() have severity err, class OTHER.
Severity: debug, Class: ERROR

C library error message with subroutine = pipe or fork | An error occurred in the library function XX when trying to execute an external command for logging.
Severity: err, Class: ERROR

C library error message with subroutine = accept | An error occurred in the library function accept() on the server while processing a connection from a client.
Severity: err, Class: ERROR

C library error message with subroutine = res_query | An error occurred in the library function res_query() while trying to determine the MX host for a mail address.
Severity: err, Class: ERROR

C library error messages with service = export (log server) or email, and host = XX | The error message as returned by the C library when trying to connect to the mail exchanger or log server
Severity: err, Class: ERROR

C library error messages with subroutine = sh_socket_XX: YY | Error in the module for the server UNIX domain socket while executing the library function YY. 
Severity: err, Class: ERROR

Oracle client library error messages with subroutine = sh_database_query | An error occurred in a call to the Oracle API. 
Severity: err  Class: ERROR

XX: Connection to database YY failed | An error occurred in a call to the Oracle API. The failing API function is XX
Severity: err  Class: ERROR

XX: subdirectory count (NN1) != hardlinks (NN2) | For the directory XX, the number of hardlinks does not correspond to the canonical value. Usually happens on Linux with the root directory of ReiserFS filesystems.
Severity: SeverityDirs Class: ERROR

GnuPG output with subroutine = gpg_check_file_sign | Verbose output from GnuPG during signature verification.
Severity: debug  Class: ERROR

XX failed (with subroutine = filesystem_type_uncached) | The C library function XX failed during the SUID/SGID check
Severity: err  Class: ERROR

NN pages locked | NN pages of memory have been locked, such that they are not paged out to disk. This is done to prevent leakage of sensitive information, e.g. the session key for client/server communication.
Severity: info  Class: ERROR


In alphabetic order
===================

---- TIMESTAMP ---- | Timestamp message, sent at user-defined intervals.
Severity: mark, Class: STAMP

Bad argument count | Internal error in the prelink module.
Severity: err  Class: ERROR

Bad block length | Internal error in the cryptographic library.
Severity: err  Class: ERROR

Bad message format | A command sent to the server via the UNIX domain socket /cfmu/yule/run/yule.sock was not correctly formatted.
Severity: err  Class: ERROR

Bad password | An attempt was made to send a command to the server via the UNIX
domain socket /cfmu/yule/run/yule.sock, but the password was not correct.
Severity: err  Class: ERROR

Bad PID in lock file | A lock file (for the log file) exists, but contains something other than a numeric PID.
Severity: err  Class: ERROR

Bad PID in PID file | The PID file exists, but contains something other than a numeric PID.
Severity: err  Class: ERROR

Cannot create lock file | A lock file (for the log file) could not be created.
Severity: err  Class: ERROR

Cannot create PID file | The PID file could not be created.
Severity: err  Class: ERROR

Cannot open lock file for read | A lock file (for the log file) exists, but cannot be opened. Most likely an access permission problem.
Severity: err  Class: ERROR

Cannot open PID file for read | The PID file exists, but cannot be opened. Most
likely an access permission problem.
Severity: err  Class: ERROR

Cannot read lock file |  Error reading a lock file (which has already been opened for read).
Severity: err  Class: ERROR

Cannot read mount list from memory | Failure to read list of mounted filesystems due to some error in a low-level library call. May be caused by insufficient access permission.
Severity: err, Class: OTHER

Cannot read PID file | Error reading the PID file (which has already been opened for read).
Severity: err  Class: ERROR

Cannot remove stale lock file, PID may be a running process | The PID in the lock file is not the one of the current process, and there seems to be another process with this PID running. The lock file will not be replaced.
Severity: err  Class: ERROR

Cannot remove stale PID file, PID may be a running process | The PID in the PID file is not the one of the current process, and there seems to be another process with this PID running. The PID file will not be replaced.
Severity: err  Class: ERROR

Cannot resolve client name | The hostname claimed by the client, and listed in the message, cannot be reverse resolved by the DNS on the server. The severity is adjustable via SeverityLookup.
Severity: crit, Class: OTHER

Cannot resolve socket peer IP for client | The IP address of the connecting peer (client) cannot be resolved by the DNS on the server. The severity is adjustable via SeverityLookup. The message lists the connecting client (host name claimed by the client) and the IP address of the peer.
Severity: crit, Class: OTHER

Check failed | The named file could not be checked (generic message).
Severity: info, Class: OTHER

Checked for SUID programs: NN files, NN seconds | Summary info after running the SUID/SGID check
Severity: info, Class: OTHER

Checking | Names the file or directory that will be scanned next.
Severity: info, Class: OTHER

Checking for SUID programs | Informational message indicating the start of the SUID/SGID check
Severity: notice  Class: ERROR

Checking mounts | Indicates the start of the mounts check
Severity: notice, Class: OTHER

Checksum | Reports the checksum of a scanned file
Severity: debug, Class: OTHER

Checksum mismatch | The checksum of the GnuPG executable does not match the compiled-in checksum.
Severity: err  Class: ERROR

Cipher in wrong state | Internal error in the cryptographic library.
Severity: err  Class: ERROR

Close entropy source | Indicates that the entropy gatherer has finished processing an entropy source (some external command like e.g. ps)
Severity: debug, Class: OTHER

Compiled-in checksum modified: one XX two YY | The compiled-in checksum of the GnuPG executable has been modified (there are two places where it is stored ...)
Severity: err, Class: ERROR

Compiled-in fingerprint modified: one XX two YY | The compiled-in checksum of the PGP signing key has been modified (there are two places where it is stored ...)
Severity: err, Class: ERROR

Compiled-in gpg checksum does not match: need XX got YY | The compiled-in checksum XX of the GnuPG executable does not match the actual checksum YY. May indicate that gpg has been updated - in this case, samhain needs to be recompiled with the correct gpg checksum.
Severity: err, Class: ERROR

Config option SetSocketAllowUID not supported, use SetSocketPassword | Incorrect configuration. The OS does not support passing credentials over a UNIX domain socket, therefore password authentication must be used, and the SetSocketPassword option must be supplied in the server configuration file.
Severity: warn  Class: ERROR

Configuration file: missing @end | There is a typo in the configuration file. A block started with an @hostname directive is not finished with an @end directive. The line number is listed.
Severity: warn, Class: ERROR

Configuration file: unmatched @end | There is a typo in the configuration file. An @end directive was encountered with no preceding @hostname directive. The line number is listed.
Severity: warn, Class: ERROR

Connecting entity unknown | The IP address of the peer connecting to the server
could not be determined.
Severity: err  Class: ERROR

Connection error: XX | An error occurred while reading from or writing to the TCP socket during client/server connection. The error message of the underlying library call is provided.
Severity: err, Class: OTHER

Connection error: XX | An error occurred while reading from or writing to the TCP socket during client/server connection. The error message of the underlying library call, the port and the subroutine name are provided.
Severity: err, Class: OTHER

Connection reset by peer | The connection to the named host has been aborted by the peer.
Severity: crit, Class: OTHER

Connection timeout | The connection to the named host has timed out.
Severity: crit, Class: OTHER

Could not check suid/sgid file | Some error occurred while trying to check a SUID/SGID file
Severity: err, Class: ERROR

Could not execute entropy source | The entropy gatherer could not execute the listed external command.
Severity: debug, Class: OTHER

Could not execute file | An external command that should be used for logging could not be executed. The command, and the executing UID are listed. 
Severity: err, Class: ERROR

Could not open pipe | Internal error while trying to execute an external program (gpg or prelink)
Severity: err  Class: ERROR

Could not open temporary file | When downloading the configuration file or baseline database from the server, the temporary file to hold the data could not be opened. Indicates lack of write permission to the home directory.
Severity: err, Class: OTHER

Could not write PID file | Usually an access permission problem for the PID file (/cfmu/samhain/run/samhain.pid or /cfmu/yule/run/yule.pid) or its directory. The current UID is listed.
Severity: err, Class: ERROR

d: NN1, -: NN2, l: NN3, |: NN4, s: NN5, c: NN6, b: NN7 | Summary information after scanning a directory, listing the number of files of various types
Severity: info, Class: OTHER

Dangling link | The listed symlink is dangling (linked path is missing).
Severity: info, Class: OTHER

Data contents are invalid | Internal error in the cryptographic library.
Severity: err  Class: ERROR

Data from entropy source | The entropy gatherer has obtained data from an external command. The number of bytes is listed.
Severity: debug, Class: OTHER

database name not set, using default 'samhain' | The database name was not set in the configuration file. The default value 'samhain' will be used.
Severity: err  Class: ERROR

database password not set, cannot proceed | The database password was not set in the configuration file. There is no default, and database logging will be disabled.
Severity: err  Class: ERROR

database user not set, using default 'samhain' | The database user was not set in the configuration file. The default value 'samhain' will be used.
Severity: err  Class: ERROR

Dereferenced NULL pointer | Indicates an attempt to call free() on a NULL pointer. Internal error, should be reported to the author of samhain. 
Severity: err, Class: ERROR

Device not available | If /dev/random is used as entropy source (Linux), indicates a timeout while trying to read from the device. If samhain can fall back on /dev/urandom, severity is notice.
Severity: err, Class: ERROR

Downloading configuration file | Indicates that the client is about to download the configuration file from the server.
Severity: info, Class: OTHER

Downloading database file | Indicates that the client is about to download the baseline database from the server.
Severity: info, Class: OTHER

EXIT | Indicates termination of the program. If the server sees this message, it marks the client as exited.
Severity: alert, Class: START

Empty groups file entry: XX | There is no group for the listed GID. The error message XX of the underlying library call is provided.   
Severity: err, Class: ERROR

Empty password file entry: XX | There is no user for the listed UID. The error message XX of the underlying library call is provided.   
Severity: err, Class: ERROR

Encryption mismatch in ..: server: XX client: YY | Client and server are compiled for different versions of the encryption protocol. Recompile.
Severity: err, Class: OTHER

End of data, closing entropy source | The entropy gatherer has finished processing an entropy source (an external command, e.g. ps)
Severity: debug, Class: OTHER

Error copying key | Internal error, should be reported to the author of samhain
Severity: err, Class: ERROR

Error in big integer library | Internal error in the multiprecision integer library, should be reported to the author of samhain
Severity: err, Class: OTHER

Error opening temporary file | The temporary file for downloading a configuration file or baseline database could not be opened. Could be due to lack of write permission for the home directory.
Severity: debug  Class: ERROR

Error writing HTML status | The server could not write the HTML status file (/cfmu/yule/log/yule.html). Usually a file access problem.
Severity: err, Class: ERROR

Execute entropy source | The entropy gatherer is about to execute the named external command to obtain entropy.
Severity: debug, Class: OTHER

Failed to release time slice | The SUID/SGID check was configured to release the time slice after checking a file, but the corresponding system call failed.
Severity: err  Class: ERROR

File access error. | The named file could not be accessed to check whether it is writeable by trusted users only
Severity: err, Class: ERROR

File check completed. | Indicates the end of a file check run. Time and speed (kB/sec) are listed
Severity: notice, Class: OTHER

File download completed | The client has finished the download of the configuration file or baseline database from the server.
Severity: info, Class: OTHER

File download failed | An error has occurred while downloading the configuration file or baseline database from the server.
Severity: err, Class: OTHER

File lock error | It was not possible to create a lock file (path listed) for the log file (path listed). Either a file access problem (current UID is listed), or the log file is locked by another instance of samhain/yule.
Severity: err, Class: ERROR

File not accessible | The named file is not accessible for the given UID. May
also happen for NFS mount points if the server hangs.
Severity: err, Class: ERROR

File or directory appears twice in configuration | Typo in the configuration file. A file or directory is listed multiple times.
Severity: warn, Class: OTHER

File too large | Configuration file or baseline database exceeds 2Gb
Severity: err  Class: ERROR

File transfer completed | A requested file has been transferred to the named host.
Severity: info, Class: OTHER

Filename not an absolute path | Typo in the configuration file. A relative path has been given instead of an absolute one (path is listed).
Severity: err, Class: OTHER

Filename too long | The listed filename exceeds PATH_MAX. Should not happen ...
Severity: err, Class: OTHER

Fingerprint mismatch | While checking PGP signature of configuration file or baseline database, the fingerprint for the signing key did not match the compiled-in fingerprint (i.e. the file is signed, but with the wrong PGP key).
Severity: err  Class: ERROR

Force authentication | The session key for the named host has expired, thus the host will be forced to negotiate a fresh session key
Severity: info, Class: OTHER

Found entropy source | The entropy gatherer has found the named external command (e.g. ps) and will use it as entropy source
Severity: debug, Class: OTHER

Found suid/sgid file | The named file was found to have SUID/SGID mode during the SUID/SGID check
Severity: info, Class: OTHER

Group writeable and member not trustworthy. | The named file is used internally by samhain/yule, but is group writeable, and at least one group member is not in the list of trusted users
Severity: err, Class: ERROR

Hostname is NULL | The client did not send its hostname
Severity: crit, Class: OTHER

Illegal zero reply | Error within the SRP authentication protocol.
Severity: err, Class: OTHER

Incorrect checksum | For an external command (external logging, or prelink) a checksum was specified, but the actual checksum of the command is different.
Severity: err, Class: ERROR

Insecure key generation | No entropy could be gathered, and thus cryptographic operations that require entropy (randomness) are not secure.
Severity: err, Class: ERROR

Invalid connection attempt: XX | A connection request from the named client was rejected by the server. Possible reasons are: reverse lookup failed, the client is unknown, or the client password is incorrect.
Severity: crit, Class: OTHER

Invalid connection state | An error occurred during the client/server protocol. Usually caused by concurrent access by two client instances running simultaneously on the same host.
Severity: err, Class: ERROR

Invalid filename (prob. too long or null). | Internal error.
Severity: err, Class: ERROR

Invalid input | Typo in the configuration file. A wrong value was specified for an option.
Severity: warn, Class: ERROR

Invalid line NN in configuration file: incorrect format | Typo in the configuration file. The general layout is incorrect.
Severity: warn, Class: ERROR

Invalid request NN in pass MM | Bad data from client.
Severity: crit, Class: OTHER

Key direction is invalid | Internal error in the cryptographic library.
Severity: err  Class: ERROR

Key material not of correct length | Internal error in the cryptographic library.
Severity: err  Class: ERROR

Key passed is not valid | Internal error in the cryptographic library.
Severity: err  Class: ERROR

LOGKEY | The key that is generated when logging to the local logfile starts, and that can be used to verify the logfile integrity.
Severity: alert, Class: LOGKEY

Large lstat/open overhead: NN sec | It took several seconds to perform an lstat() on a file and then open() it. Unprivileged users may be able to slow lstat(), thus this condition may indicate a DoS attack. 
Severity: err, Class: OTHER

Message delivery confirmed | The server has confirmed receipt of a message.
Severity: debug, Class: OTHER

Message delivery not confirmed | The server has not confirmed receipt of a message.
Severity: err, Class: OTHER

Message transfer completed | The client has finished a message transfer.
Severity: debug, Class: OTHER

Module execution error | An error occurred when executing the named module (e.g. the SUID/SGID check module, or the mounts check module)
Severity: err, Class: OTHER

Module initialized | The named module has been initialized
Severity: info, Class: OTHER

Module not initialized | The named module has not been initialized (e.g. because it is unused)
Severity: warn, Class: OTHER

Mount missing | The listed filesystem should be mounted, but is not.
Severity: warn, Class: EVENT

Mount option missing | The listed mount option is missing for the listed filesystem.
Severity: warn, Class: EVENT

NEW CLIENT | New connection by the listed client.
Severity: notice, Class: OTHER

New connection | New connection by a client to the server
Severity: info, Class: OTHER

No action specified: init, update, or check | Neither the configuration file nor the command line specified whether to run in init, update, or check mode.
Severity: err  Class: ERROR

nodename returned by uname may be truncated | The uname system call has returned a value for the nodename that exactly fills the buffer and therefore might or might not be truncated (on many OS the uname() system call is broken, as the buffer size is not sufficiently large for a domain label). This warning indicates that the local hostname may not have been determined correctly.
Severity: warn  Class: ERROR

No entropy collected | The entropy gatherer could not collect entropy.
Severity: err, Class: ERROR

No file from server, trying local file | When running in 'init' mode, the client did not receive a configuration file from the server, and will try to fall back on a local file
Severity: info, Class: OTHER

No files or directories defined for checking | The client configuration file does not contain any directives for files to check.
Severity: warn, Class: OTHER

No good signature | The PGP signature of configuration file or baseline database could not be verified.
Severity: err  Class: ERROR

No fingerprint for key | While checking PGP signature of configuration file or baseline database, the fingerprint for the signing key could not be obtained.
Severity: err  Class: ERROR

No MX record for domain XX | Domain XX has no DNS entry of type MX
Severity: debug  Class: ERROR

No server name available | The client does not know the server name or address
Severity: err, Class: OTHER

No socket peer alias matches client name | The IP address of the peer connecting to the server does not resolve to any client listed in the server configuration file. Often a DNS problem. 
Severity: crit, Class: OTHER

Not accessible or not a regular file | While trying to determine a file checksum, reading from the file failed (e.g. because of access permission, NFS problem, or because the file changed underneath the check)
Severity: err, Class: ERROR

Not TIGER_FD | Internal error in the checksum routine.
Severity: SeverityFiles  Class: ERROR

No valid ticket | Internal error in the prelink module.
Severity: debug  Class: ERROR

NULL input | Internal error in the server.
Severity: err  Class: ERROR

ORACLE_HOME environment variable not set | The program was started without first setting the environment variable ORACLE_HOME.
Severity: err  Class: ERROR

Out of sync | Internal error in the client/server code. 
Severity: crit, Class: OTHER

Owner not trustworthy. | The named file is used internally by samhain/yule, but its owner is not in the list of trusted users
Severity: err, Class: ERROR

PANIC XX | A fatal error XX has occurred that will cause samhain/yule to terminate
Severity: alert, Class: ERROR

PANIC - File modified | The listed file has been modified 
Severity: alert, Class: ERROR

PANIC - File not accessible | The listed file could not be read
Severity: alert, Class: ERROR

PANIC - No data in file | The configuration file / baseline database contains no data
Severity: alert, Class: ERROR

PANIC - Untrusted path | An untrusted user with the named UID owns (or has write access to) the listed file or directory  
Severity: alert, Class: ERROR

PANIC Error initializing the application | Startup failed
Severity: alert, Class: ERROR

Params struct passed to cipherInit invalid | Internal error in the cryptographic library.
Severity: err  Class: ERROR

path too long | The internally constructed path to a file exceeds PATH_MAX
Severity: err, Class: ERROR

PID dir path too long | The path of the yule pid directory (where the UNIX domain socket /cfmu/yule/run/yule.sock is created) is too long. Recompile with another location for the PID directory.
Severity: err  Class: ERROR

POLICY [XX] YY | A file watched under the XX policy has been modified. The modified items (insofar as they are watched under this policy) are given in the XX code as follows: C checksum, L linked path (for a symlink), D device number (for a device), I inode, H number of hardlinks, M mode, U owner, G group, T timestamp, S size
Severity: err, Class: EVENT

POLICY ADDED | The listed file was found in the filesystem, but is not present in the baseline database.
Severity: err, Class: EVENT

POLICY MISSING | The listed file is missing in the filesystem, but is present in the baseline database.
Severity: err, Class: EVENT

POLICY NODIRECTORY | The listed path is not a directory, but is listed as directory in the configuration file. Usually a confusion between symlink to directory and directory
Severity: err, Class: EVENT

POLICY [SuidCheck] suid/sgid file not in database | The listed SUID/SGID file is not present in the baseline database
Severity: crit, Class: EVENT

Password file entry too long | A user entry exceeds some limit
Severity: err, Class: ERROR

Path is NULL | Internal error.
Severity: err, Class: OTHER

Protocol mismatch | Client and server use different communication protocols.
Severity: err, Class: OTHER

Quarantine error: XX | An error occurred when quarantining a SUID/SGID file found by the SUID/SGID check
Severity: crit, Class: EVENT

Quarantine report: XX | Report on quarantining a SUID/SGID file found by the SUID/SGID check
Severity: crit, Class: EVENT

Queue full, messages may get lost | For the named service (email or log server), the connection had failed, and the queue has filled up. Further messages are lost. To be fixed by running an update for the messages received by the server, and restarting the client to detect the file changes for which messages were lost.
Severity: err, Class: ERROR

Registered XX, salt YY, verifier ZZ | Server has registered the named client which was listed in its configuration file.
Severity: debug, Class: OTHER

Requested file not found | The named file (configuration file or baseline database) requested for download from the named client, was not found
Severity: crit, Class: OTHER

Restart without prior exit | A START message was received from a client, although the client was already marked as active
Severity: crit, Class: OTHER

Reverse lookup of socket peer failed | A reverse lookup for the IP address of the connection peer failed. Severity configurable via SeverityLookup
Severity: crit, Class: OTHER

Runtime configuration reloaded | The configuration file was reloaded because a SIGHUP was received. Can also be triggered by the server.
Severity: crit, Class: START

second signed message in file | A PGP-signed configuration file contains two signed messages. 
Severity: err  Class: ERROR

Server up, simultaneous connections: NN | Informational message at server startup, gives the maximum number of simultaneous client connections (which is not a limit on the number of clients)
Severity: mark, Class: START

Service failure | The named logging facility (service) is not available due to some error.
Severity: err, Class: ERROR

Session key negotiated | Client and server have successfully negotiated a session key in the authentication phase of the connection
Severity: info, Class: OTHER

Session key negotiation failed | Client and server failed to negotiate a session key in the authentication phase of the connection. Usually wrong password.
Severity: err, Class: OTHER

Signature database exists | An attempt has been made to initialize the baseline database although the file already exists. This is usually an error, because init will append, but check will use the first database found in the file.
Severity: warn, Class: OTHER

Socket exists, trying to unlink it | The UNIX domain socket /cfmu/yule/run/yule.sock already exists. Yule will try to unlink it (assuming it is a stale socket from a previous instance of yule).
Severity: err  Class: ERROR

START | Startup message. The PGP key ID and user for the signature on the configuration file is listed. 
Severity: alert, Class: START

stat() failed. | For the named file, no stat() library call could be performed to check whether it is writeable by trusted users only
Severity: err, Class: ERROR

Subprocess exited normally with status NN | When executing an external logging command, the command exited normally.
Severity: info  Class: ERROR

Subprocess not yet exited, killing | When executing an external logging command, the command seems to hang and will be killed
Severity: info  Class: ERROR

Subprocess stopped by signal NN, killing | When executing an external logging command, the command was stopped by a signal, and will be killed.
Severity: info  Class: ERROR

Subprocess terminated by signal NN  | When executing an external logging command, the command was terminated by a signal.
Severity: info  Class: ERROR

SUSPEND | The client will go into suspend mode on receipt of a SIGUSR2 signal
Severity: mark, Class: START

The checksum of XX has changed since startup (YY -> ZZ) | The checksum of the executable XX has changed between startup and termination. XX is set with the configuration option SamhainPath to the path of the samhain executable.
Severity: info  Class: ERROR

Time limit exceeded | The named host has not sent any message to the server within the configured interval. The server will mark the client as inactive.
Severity: crit, Class: OTHER

Timeout (NN sec) while checksumming file | A timeout has occurred while trying to read from a file. Might be caused e.g. by NFS errors or mandatory locking. 
Severity: err, Class: ERROR

Timeout in entropy collector | A timeout has occurred while trying to gather entropy (e.g. /dev/random blocks because no entropy available)
Severity: debug, Class: OTHER

Truncation occured. | Internal error. An internally constructed path was truncated
Severity: err, Class: ERROR

Unexpected reply | Internal error. Unexpected data from server during client/server communication.
Severity: err, Class: OTHER

Unknown file request | The named client requested an unknown type of file (not configuration file or baseline database)
Severity: crit, Class: OTHER

Unknown host XX | Address for host XX could not be resolved. Email configuration error (there is no MX entry in the DNS, and the domain does not resolve to an IP address).
Severity: err  Class: ERROR

Unlink failed, maybe path not trusted | Unlinking an already existing UNIX domain socket /cfmu/yule/run/yule.sock failed. One possible reason is that the path is owned or writeable by an untrusted user.
Severity: err  Class: ERROR

Unrecognized section heading in line NN of configuration file | Typo in the configuration file, or section header for a module not compiled into the executable
Severity: warn, Class: ERROR

Untrusted path | The named path is owned by (or writeable by) the named UID which is not in the list of trusted users
Severity: err, Class: ERROR

Using insecure memory | Memory could not be locked to prevent sensitive information from getting swapped to disk. Usually due to insufficient privilege
Severity: warn, Class: OTHER

Waitpid returned error NN | Internal error. When executing an external logging command, the status of the subprocess could not be determined.
Severity: info  Class: ERROR

Weird filename | A file was detected with unusual (e.g. non-printable) characters. Can be configured via the AddOKChars option
Severity: err, Class: OTHER

World writeable.  | The named file is used internally by samhain/yule, but is world writeable
Severity: err, Class: ERROR

Writeable file with timestamps of parent directory fixed | Incorrect policy definition. Timestamps of a directory are required to stay fixed, while files in the directory may be modified.
Severity: warn, Class: OTHER
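
Decoding the POLICY messages listed above for triage, as an added example that is not taken from the Samhain sources. It assumes fields arrive as key="value" pairs (as in the msg=\"%s\" format string near the top of this page), that the bracketed field names the policy, and that the token after it holds the letter code with '-' for unchanged attributes; the sample lines, the ReadOnly policy name in them and the needs_review rule are constructed for illustration.

```python
import re

# Letter codes exactly as given in the "POLICY [XX] YY" entry.
CHANGE_CODES = {
    "C": "checksum", "L": "linked path", "D": "device number",
    "I": "inode", "H": "number of hardlinks", "M": "mode",
    "U": "owner", "G": "group", "T": "timestamp", "S": "size",
}
# POLICY messages that carry no letter code.
PLAIN_KINDS = {"ADDED": "added", "MISSING": "missing",
               "NODIRECTORY": "nodirectory"}
PRIVILEGE_ATTRS = {"mode", "owner", "group"}

# Assumption: key="value" fields, backslash-escaped quotes allowed.
FIELD_RE = re.compile(r'(\w+)="((?:[^"\\]|\\.)*)"')
POLICY_RE = re.compile(r"^POLICY \[([^\]]+)\]\s+(.+)$")
CODE_RE = re.compile(r"^[CLDIHMUGTS-]+$")


def parse_fields(line):
    """Return the key="value" pairs of one log line as a dict."""
    return dict(FIELD_RE.findall(line))


def classify(line):
    """Turn one log line into an event dict, or None if not a POLICY message."""
    fields = parse_fields(line)
    msg = fields.get("msg", "").strip()
    if not msg.startswith("POLICY"):
        return None
    event = {"kind": "unparsed", "policy": None, "changed": [],
             "path": fields.get("path")}
    parts = msg.split(None, 2)
    if len(parts) >= 2 and parts[1] in PLAIN_KINDS:
        event["kind"] = PLAIN_KINDS[parts[1]]
        return event
    match = POLICY_RE.match(msg)
    if not match:
        return event  # keep malformed lines visible instead of dropping them
    event["policy"], rest = match.group(1), match.group(2)
    if CODE_RE.match(rest):
        event["kind"] = "modified"
        event["changed"] = [CHANGE_CODES[c] for c in rest if c != "-"]
    else:
        # e.g. "[SuidCheck] suid/sgid file not in database"
        event["kind"] = "other"
        event["detail"] = rest
    return event


def needs_review(event):
    """Illustrative triage rule (an assumption, not Samhain behaviour):
    content or privilege-related changes, and anything that is not a
    plain modification, go to an analyst first."""
    if event["kind"] == "modified":
        changed = set(event["changed"])
        return "checksum" in changed or bool(changed & PRIVILEGE_ATTRS)
    return event["kind"] != "nodirectory"


# Constructed sample lines, not real Samhain output.
SAMPLE = [
    'msg="POLICY [ReadOnly] C-------TS" path="/etc/passwd"',
    'msg="POLICY [ReadOnly] --------T-" path="/etc/motd"',
    'msg="POLICY [ReadOnly] -----MU---" path="/usr/bin/example"',
    'msg="POLICY ADDED" path="/usr/local/bin/new-tool"',
    'msg="POLICY [SuidCheck] suid/sgid file not in database" path="/tmp/x"',
    'msg="File check completed."',
]

if __name__ == "__main__":
    for line in SAMPLE:
        event = classify(line)
        if event is not None:
            flag = "REVIEW" if needs_review(event) else "ok"
            print(flag, event["kind"], event["path"], event["changed"])
```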




