<group name="attack,">
<rule id="200000" level="15" timeframe="300" frequency="3">
<if_matched_group>attacks|attack|automatic_attack</if_matched_group>
<same_source_ip />
<description>Attacks from same source IP</description>
</rule>
</group>
--
---
You received this message because you are subscribed to the Google Groups "ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+unsubscribe@googlegroups.com.
On Aug 21, 2017 12:54 PM, "Ritu Soni" <ritu.s...@gmail.com> wrote:
> Hello,
> I have installed OSSEC on an Ubuntu server. I want to perform changes in the OSSEC rules so that it can detect an attack and display an alert like "DDOS Attack". Is it possible to perform changes in the rules of OSSEC using XML files? What could be the possible method for this? Please guide me.

Local additions or changes to the rules can be done in /var/ossec/rules/local_rules.xml
Hey,
When I perform any changes to the XML files, OSSEC stops working. Should I use the "make" command for those changes to work, or any other command after performing the changes?

On Monday, August 21, 2017 at 10:25:45 PM UTC+5:30, dan (ddpbsd) wrote:
> On Aug 21, 2017 12:54 PM, "Ritu Soni" <ritu.s...@gmail.com> wrote:
> > Hello,
> > I have installed OSSEC on an Ubuntu server. I want to perform changes in the OSSEC rules so that it can detect an attack and display an alert like "DDOS Attack". Is it possible to perform changes in the rules of OSSEC using XML files? What could be the possible method for this? Please guide me.
>
> Local additions or changes to the rules can be done in /var/ossec/rules/local_rules.xml
Hello,
My work requirement is that OSSEC should generate an alert "Attack Detected" when a request from the same IP address is received by the server 3 or more times within 300 seconds. I have made changes in the syslog_rules.xml file:

<rule id="1002" level="2" time_frame="300" frequency="3">
<if_matched_group>attacks|attack|automatic_attack</if_matched_group>
<options>alert_by_email</options>
<description>DDOS Attack Detected</description>
</rule>

But when I restart OSSEC, it generates an error message:

OSSEC analysisd: Testing rules failed. Configuration error. Exiting.

Are these changes correct? If not, please suggest the changes to achieve the same.
<group name="attack,">
<rule id="200000" level="15" timeframe="300" frequency="3">
<if_matched_group>attacks|attack|automatic_attack</if_matched_group>
<same_source_ip />
<description>Attacks from same source IP</description>
</rule>
</group>
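A pre-restart check for the two rules posted in this thread, as an added example that is not part of the original posts or of OSSEC itself: it flags rule attributes outside OSSEC's documented set, reused rule ids, and rules placed outside a <group>. The name lint_rules, the attribute list, and the constructed <group> wrapper around the first posted rule are assumptions of this example.

```python
import xml.etree.ElementTree as ET

# Assumption: attribute names taken from OSSEC's rules syntax documentation.
RULE_ATTRS = {"id", "level", "maxsize", "frequency", "timeframe",
              "ignore", "overwrite", "noalert"}

def lint_rules(text):
    """Return sorted (rule_id, problem) pairs for the text of an OSSEC rules file."""
    # A rules file may hold several top-level elements, so wrap it in one root.
    try:
        root = ET.fromstring("<lint_root>" + text + "</lint_root>")
    except ET.ParseError as exc:
        return [("-", "not well-formed XML: %s" % exc)]
    problems, seen = [], set()
    for rule in root.iter("rule"):
        rid = rule.get("id", "-")
        for attr in set(rule.attrib) - RULE_ATTRS:
            problems.append((rid, "unknown attribute '%s'" % attr))
        if rid in seen and rule.get("overwrite") != "yes":
            problems.append((rid, "rule id used twice"))
        seen.add(rid)
    for child in root:
        if child.tag == "rule":
            problems.append((child.get("id", "-"), "rule is not inside a <group>"))
    return sorted(problems)

# First rule from the thread; the <group> wrapper is constructed for this example,
# because the post shows only the <rule> element.
POSTED_1002 = """<group name="constructed,">
<rule id="1002" level="2" time_frame="300" frequency="3">
<if_matched_group>attacks|attack|automatic_attack</if_matched_group>
<options>alert_by_email</options>
<description>DDOS Attack Detected</description>
</rule>
</group>"""
# Second rule from the thread, copied as posted.
POSTED_200000 = """<group name="attack,">
<rule id="200000" level="15" timeframe="300" frequency="3">
<if_matched_group>attacks|attack|automatic_attack</if_matched_group>
<same_source_ip />
<description>Attacks from same source IP</description>
</rule>
</group>"""

if __name__ == "__main__":
    for name, text in (("1002", POSTED_1002), ("200000", POSTED_200000)):
        print(name, lint_rules(text) or "no findings")
```

On the server itself, /var/ossec/bin/ossec-logtest -t runs OSSEC's own configuration test before a restart.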
Hello,
I simply want to test the rule for DDOS Attack, which was discussed previously:
local_rules.xml:
<group name="attack,">
<rule id="200000" level="15" timeframe="300" frequency="3">
<if_matched_group>attacks|attack|automatic_attack</if_matched_group>
<same_source_ip />
<description>Attacks from same source IP</description>
</rule>
</group>
But this is not working. I get errors while adding this new rule. What is the possible solution for making this rule work?
On Thu, Aug 24, 2017 at 8:35 AM, dan (ddp) <ddp...@gmail.com> wrote:
>
>
> On Aug 24, 2017 4:40 AM, "Ritu Soni" <ritu.s...@gmail.com> wrote:
>
> Hello, ok
Hey,
Ok, thanks. Have you added the rule in the local_rules.xml file, or any other XML file?
hey,