Re: [ossec-list] Testing OSSEC

2017-08-31 Thread Ritu Soni
Hey, thanks for your suggestions. Now OSSEC is generating logs and not giving errors after restarting it a couple of times. Now I want to implement the rule, that is, I want to perform an attack according to that rule. I have tried to log in from PuTTY in Windows 3 times within 5 mins, so that it

Re: [ossec-list] Testing OSSEC

2016-05-11 Thread Jesus Linares
Hi, there are several DDOS attack types: UDP/SYN/ICMP/HTTP flood, ping of the death, etc. If these attacks do not generate a log that OSSEC can read, the attack will not be detected. Try to detect the DDOS attack in your machine manually: review apache logs, netstat or a specific tool to

Re: [ossec-list] Testing OSSEC

2016-05-10 Thread Jiri
Hi, thanks for your response. I am using XOIC and also RDOS to simulate a DDOS attack but both are not working. The web UI is not detecting any attack and on RDOS it looks like the software isn't even connected to the server.

On Friday, May 6, 2016 at 5:45:58 PM UTC+8, Jesus Linares wrote:
>

Re: [ossec-list] Testing OSSEC

2016-05-06 Thread Jesus Linares
Hi Jiri, also you can run the command "/var/ossec/bin/agent_control -lc" to get the connected agents. Keep in mind that in order to know if an agent is connected, disconnected or never connected OSSEC reads the modification date of the files in /var/ossec/queue/agent-info/*: - if there is

Re: [ossec-list] Testing OSSEC

2016-05-05 Thread dan (ddp)
On Thu, May 5, 2016 at 2:12 PM, Jiri wrote:
> Hi,
>
> I just finished installing OSSEC on Ubuntu as a server and a Windows agent on
> another computer. How do I test if my agent is successfully connected to me?
> Also, can someone help me on creating rules to detect an a