On Dec 24, 2014 2:56 PM, "Glenn Ford" <[email protected]> wrote: > > So I decided to do a quick test of what I thought OSSEC would alert on like so: > > <from agent server> > access_log: > [24/Dec/2014:14:39:46 -0500] "GET /phpadmin/scripts/setup.php HTTP/1.1" 404 > error_log: > [Wed Dec 24 14:39:46 2014] [error] [client x.x.x.x] File does not exist: [www-path]/phpadmin > > > ossec alert logs have nothing reported for this? > > Not sure how I can test to see if IDS for apache logs working OK. >
What output did ossec-logtest give you? > > > On Wednesday, December 24, 2014 1:42:49 PM UTC-5, Glenn Ford wrote: >> >> Hello All! >> >> Thanks to Dan I have a basic setup in place. I'd like to verify/test the IDS is working properly for my apache logs. >> >> Is there a test attack script people use to flex the OSSEC IDS component on apache logs? >> >> I could just run a dynamic pen test scanner (ibm appscan,etc) I guess? >> >> TIA! >> >> Glenn > > -- > > --- > You received this message because you are subscribed to the Google Groups "ossec-list" group. > To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. > For more options, visit https://groups.google.com/d/optout. -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
