On Mon, Aug 28, 2017 at 12:17 AM, Ritu Soni wrote:
>>> hey,
>
> I have added the rule in local_rules.xml file in the way shown in the
> attached image.
> After adding the rule, I have restarted OSSEC services. But I get
> the following errors:
>
On Aug 24, 2017 12:56 PM, "Ritu Soni" wrote:
Ok, thanks.
Have you added the rule in local_rules.xml file? Or any other XML file?
I added it to my local_rules.xml file, outside of the tag near the
bottom.
On Thursday, August 24, 2017 at 6:14:56 PM UTC+5:30, dan
Hey,
>
> When I add the same rule in local_rules.xml file, I get the following errors:
2017/08/24 22:54:00 ossec-config(1501): ERROR: Invalid SMTP Server: alt1.gmail-smtp-in.l.google.com.
2017/08/24 22:54:00 ossec-config(1202): ERROR: Configuration error at '/var/ossec/etc/ossec.conf'.
On Thursday, August 24, 2017 at 6:14:56 PM UTC+5:30, dan (ddpbsd) wrote:
> On Thu, Aug 24, 2017 at 8:35 AM, dan (ddp) wrote:
On Aug 24, 2017 4:40 AM, "Ritu Soni" wrote:
Hello,
I simply want to test the rule for DDOS Attack, which was discussed
previously:
local_rules.xml:
attacks|attack|automatic_attack
Attacks from same source IP
But this is not working.
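
For reference, a composite OSSEC rule of the kind this thread is after (an alert when the same source IP matches repeatedly within 300 seconds), written as an added example that is not any participant's rule. The rule IDs, the levels, the group name and the base-rule description are assumptions; the match pattern and the final description are the ones quoted in the thread.

```xml
<!-- Added example for local_rules.xml. IDs 100100 and 100101, the group
     name and the level values are assumptions chosen for illustration. -->
<group name="local,attack,">

  <!-- Base rule: matches every single event whose log text contains one
       of the keywords quoted in the thread. -->
  <rule id="100100" level="3">
    <match>attacks|attack|automatic_attack</match>
    <description>Attack keyword seen in log (base rule)</description>
  </rule>

  <!-- Composite rule: counts earlier hits of rule 100100 inside a
       300 second window and only correlates hits from one source IP.
       same_source_ip needs a decoder that extracts srcip from the log
       line; without a decoded srcip this rule has nothing to compare.
       The OSSEC rules documentation notes that the number of events
       that triggers a frequency rule is 2 more than the frequency
       value, so confirm the real threshold by replaying sample lines
       through /var/ossec/bin/ossec-logtest. -->
  <rule id="100101" level="10" frequency="3" timeframe="300">
    <if_matched_sid>100100</if_matched_sid>
    <same_source_ip />
    <description>Attacks from same source IP</description>
  </rule>

</group>
```

The two errors quoted in this thread (1501 and 1202) name the SMTP server setting and /var/ossec/etc/ossec.conf rather than a rules file.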
On Aug 23, 2017 6:18 AM, "Ritu Soni" wrote:
Hello,
My work requirement is that OSSEC should generate an alert "Attack
Detected" when a request from the same IP address is received by the server
3 or more times within 300 seconds.
I have done changes in syslog_rules.xml file:
attacks|attack|automatic_attack
*