Hey,
Thanks for your suggestions. Now OSSEC is generating logs and not
giving errors after restarting it a couple of times.
Now I want to implement the rule, that is, I want to perform an attack
according to that rule. I have tried to log in from PuTTY on Windows 3 times
within 5 mins, so that it
Hi,
there are several DDoS attack types: UDP/SYN/ICMP/HTTP flood, ping of
death, etc. If these attacks do not generate a log that OSSEC can read, the
attack will not be detected.
Try to detect the DDoS attack on your machine manually: review Apache logs,
netstat or a specific tool to
Hi, thanks for your response. I am using XOIC and also RDOS to simulate
a DDoS attack, but both are not working. The web UI is not detecting any
attack, and on RDOS it looks like the software isn't even connected to the
server.
On Friday, May 6, 2016 at 5:45:58 PM UTC+8, Jesus Linares wrote:
>
Hi Jiri,
also you can run the command "/var/ossec/bin/agent_control -lc" to get the
connected agents. Keep in mind that in order to know if an agent is
connected, disconnected or never connected OSSEC reads the modification
date of the files in /var/ossec/queue/agent-info/*:
- if there is
On Thu, May 5, 2016 at 2:12 PM, Jiri wrote:
> Hi,
>
> I just finished installing OSSEC on Ubuntu as a server and a Windows agent on
> another computer. How do I test if my agent is successfully connected to me?
> Also, can someone help me with creating rules to detect an a