title: Suspicious Log Entries id: f64b6e9a-5d9d-48a5-8289-e1dd2b3876e1 status: test description: Detects suspicious log entries in Linux log files author: Florian Roth date: 2017/03/25 modified: 2021/11/27 logsource: product: linux detection: keywords: - entered promiscuous mode - Deactivating service - Oversized packet received from - imuxsock begins to drop messages condition: keywords falsepositives: - Unknown level: medium tags: - attack.impact