Hi List,

I have a question about rules.

How do you set the intervals for some things? Say I get x amount of connections to my server from x; if the connections exceed 300 per minute, there is something wrong and I need an alert to go out via OSSEC. Any ideas what a rule for this would look like? I'm trying to catch DoS, so I log certain ports via iptables.

And how would I match something like this in the log file?

Connection on port 3000 from 191.12.33.100

Regards,
Willem Gerber
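The counting asked about above, sketched outside OSSEC as an added example (not part of the original post, and not OSSEC rule syntax): a per-source sliding one-minute window over the post's log message. The leading ISO timestamp, the "fw kernel:" prefix, the address 10.0.0.5 and all function names are assumptions constructed for the example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Matches the message text from the post; the leading ISO timestamp is an assumption.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) .*?Connection on port (?P<port>\d+) "
    r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3})\b"
)

def parse(line):
    """Return (timestamp, port, source_ip), or None if the line does not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    try:
        ts = datetime.fromisoformat(m["ts"])
    except ValueError:
        return None
    return ts, int(m["port"]), m["ip"]

def detect_floods(lines, threshold=300, window=timedelta(minutes=1)):
    """Return (timestamp, ip, count) each time a source first exceeds the
    threshold inside the sliding window; re-arm once it drops back below."""
    recent = defaultdict(deque)   # ip -> timestamps still inside the window
    alerted = set()               # sources currently over the threshold
    alerts = []
    for line in lines:
        parsed = parse(line)
        if parsed is None:
            continue              # unrelated or malformed line
        ts, _port, ip = parsed
        q = recent[ip]
        q.append(ts)
        while q and ts - q[0] >= window:
            q.popleft()           # drop hits older than the window
        if len(q) > threshold:
            if ip not in alerted:  # one alert per burst, not one per packet
                alerted.add(ip)
                alerts.append((ts, ip, len(q)))
        else:
            alerted.discard(ip)
    return alerts

def sample_log():
    """Constructed sample: one noisy source (301 hits in 30 s), one quiet source."""
    base = datetime(2024, 1, 1, 12, 0, 0)
    noisy = [f"{(base + timedelta(milliseconds=100 * i)).isoformat()} fw kernel: "
             "Connection on port 3000 from 191.12.33.100" for i in range(301)]
    quiet = [f"{(base + timedelta(seconds=10 * i)).isoformat()} fw kernel: "
             "Connection on port 3000 from 10.0.0.5" for i in range(20)]
    return noisy + quiet
```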