Hi,
there are several DDOS attack types: UDP/SYN/ICMP/HTTP flood, ping of
death, etc. If these attacks do not generate a log that OSSEC can read, the
attack will not be detected.
Try to detect the DDOS attack in your machine manually: review Apache logs,
netstat or a specific tool to
I had to re-purpose my VM playground PE R900 until I get a replacement
motherboard for my signage server; so it may take a bit until I can
start playing with this. But it looks like there is a way to use Barnyard
to decode alerts to a readable log format. At least from what I read.
I am
Hi Jacob,
That sounds interesting. In case you need help to create decoders/rules or
active responses for your snort logs paste here some log samples.
On Tuesday, May 10, 2016 at 10:41:36 PM UTC+2, Santiago Bassett wrote:
>
> That seems doable yes. I haven't seen that done before, but
Hi,
Sometimes ossec server says *"ERROR: Duplicated counter for"* errors.
Especially when we have a mass of logs, and the log sending protocol is UDP, so the rids
counter of the agent and server is sometimes inconsistent;
When I see this error, I see the agent is inactive. After this, the agent won't
send any logs.
How
I will try to measure by using ossec-eps.sh; but I see it is not for a
specific agent; it is a global average for all agents. Am I right?
I think the "logall option" must be configurable in the server; it stores events
in the server, I think the server will be down :( It has 100 agents.
When we start ossec
Try using this script:
https://github.com/ossec/ossec-hids/blob/master/contrib/ossec-eps.sh
Another option is to enable logall option and count events in archive.log
(you can count all events in a day and then do the math).
Regarding resources it depends on how much data OSSEC manager/agents
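The "count events in archive.log and do the math" approach from the reply above, as an added example that is not part of the thread or of the OSSEC project: it parses constructed archive lines per agent and per day and divides by a window. The line layout (`YYYY Mon DD HH:MM:SS (agent) ip->location message`, with no `(agent)` field for the manager's own events) is an assumption about the archive format, not something the thread states.

```python
import re
from collections import defaultdict
from datetime import datetime

# Assumed archive line layout (an assumption, not taken from the thread):
#   "YYYY Mon DD HH:MM:SS (agent_name) agent_ip->location original log text"
# Events the manager collects about itself carry no "(agent)" field.
ARCHIVE_RE = re.compile(
    r"^(?P<ts>\d{4} \w{3} \d{2} \d{2}:\d{2}:\d{2}) "
    r"(?:\((?P<agent>[^)]+)\) (?P<ip>\S+)->|(?P<host>\S+)->)"
    r"(?P<location>\S+) (?P<msg>.*)$"
)

# Constructed sample of archive lines; hostnames and IPs are made up.
SAMPLE_LINES = """\
2016 May 10 22:41:36 (web01) 10.0.0.5->/var/log/auth.log sshd[1201]: Accepted publickey for ops
2016 May 10 22:41:36 (web01) 10.0.0.5->/var/log/apache2/access.log 203.0.113.9 - - "GET / HTTP/1.1" 200 512
2016 May 10 22:41:37 (web01) 10.0.0.5->/var/log/apache2/access.log 203.0.113.9 - - "GET /login HTTP/1.1" 200 734
2016 May 10 22:41:37 (db01) 10.0.0.6->/var/log/syslog cron[88]: (root) CMD (run-parts /etc/cron.hourly)
2016 May 10 22:41:38 ossec-manager->/var/log/syslog ossec: Agent started: 'web01->10.0.0.5'
this line is not an archive record and is skipped
"""


def parse_archive(text):
    """Yield (timestamp, source, location) for each line that matches the layout."""
    for line in text.splitlines():
        m = ARCHIVE_RE.match(line)
        if not m:
            continue  # unparseable lines are skipped rather than counted
        ts = datetime.strptime(m.group("ts"), "%Y %b %d %H:%M:%S")
        source = m.group("agent") or m.group("host")
        yield ts, source, m.group("location")


def count_events(text):
    """Return {(YYYY-MM-DD, source): number of events} for the archive text."""
    counts = defaultdict(int)
    for ts, source, _ in parse_archive(text):
        counts[(ts.strftime("%Y-%m-%d"), source)] += 1
    return dict(counts)


def eps(counts, window_seconds=86400):
    """Turn per-day counts into events per second; a full day is 86400 s."""
    return {key: n / window_seconds for key, n in counts.items()}
```

Run `eps(count_events(SAMPLE_LINES))` to get one EPS figure per agent per day; pass a smaller `window_seconds` if the archive covers less than a full day.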
Hello,
Is there a way to measure OSSEC agent EPS count; not alarm?
And please let me know the use of system resources.
Thanks
You received this message because you are subscribed to the Google Groups
"ossec-list" group.