What about evaluation using specific attacks? Are there any rules 
available online for some kinds of attacks, like DoS or SQL injection? Has 
anyone evaluated OSSEC against some attacks and gotten alerts that 
explain that an attack was detected? Right now, we get only alerts 
with level numbers, without any information about the attack name or type.
 

On Saturday, April 14, 2012 11:01:18 AM UTC-7, dan (ddpbsd) wrote:

> Syslog severity plays no role in OSSEC.
> On Apr 14, 2012 1:58 PM, "ignasr" <ign...@vault13.lt> wrote:
>
>> Hello all,
>>
>> what should I do if I want OSSEC to send email notifications on
>> severity err and higher of messages, read from a syslog <localfile>?
>> Syslog events from several servers are written to that file.
>>
>> It seems there is no simple way of doing that, because message
>> severity is not saved to a syslog file.
>>
>> Thank you,
>> IgnasR
>>
>> p.s. sorry for a double post. My previous post can be deleted.
>>
>
