[Oisf-users] how can see the word alert and drop in my fast.log???
Victor Julien
lists at inliniac.net
Thu Jul 4 14:39:39 UTC 2013
On 07/04/2013 03:11 PM, mouna amani wrote:
> I am using the fast.log
> I configured to file type: regular
> My rules are all set to alerts
> I got lines in my fast.log looking like this :
>
> 10/05/10-10:08:59.667372 [**] [1:2009187:4] ET WEB_CLIENT ACTIVEX iDefense
> COMRaider ActiveX Control Arbitrary File Deletion [**] [Classification: Web
> Application Attack] [Priority: 3] {TCP} xx.xx.232.144:80 -> 192.168.1.4:56068
> It is just an example.
> I want to see the word "alert" in my fast.log.
> What should I change?
Nothing. The alert keyword makes sure the lines get written to the fast
log. "alert" itself is not written to it.
--
---------------------------------------------
Victor Julien
http://www.inliniac.net/
PGP: http://www.inliniac.net/victorjulien.asc
---------------------------------------------
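To see the action next to each fast.log entry, the sid in the `[gid:sid:rev]` triple can be joined back to the rule that fired, since a rule's first word is its action. The following is an added example, not part of the original message or of Suricata's code; the function names, the stand-in rule text and the second log line are constructed for illustration.

```python
import re

# Layout follows the fast.log line quoted in the message; it has no action field.
FAST_RE = re.compile(
    r"^(?P<ts>\d{2}/\d{2}/\d{2,4}-\d{2}:\d{2}:\d{2}\.\d+)\s+\[\*\*\]\s+"
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]\s+"
    r"\[Classification:\s*(?P<classification>[^\]]*)\]\s+"
    r"\[Priority:\s*(?P<priority>\d+)\]\s+\{(?P<proto>[^}]+)\}\s+"
    r"(?P<src>\S+):(?P<sport>\d+)\s+->\s+(?P<dst>\S+):(?P<dport>\d+)\s*$"
)
# A rule begins with its action keyword; the sid sits in the option list.
RULE_RE = re.compile(r"^\s*(?P<action>[a-z]+)\s.*?\(.*?\bsid\s*:\s*(?P<sid>\d+)\s*;")

# Constructed samples: the quoted alert with a documentation address in place
# of the masked one, plus a line whose rule is commented out below.
SAMPLE_LOG = """\
10/05/10-10:08:59.667372 [**] [1:2009187:4] ET WEB_CLIENT ACTIVEX iDefense COMRaider ActiveX Control Arbitrary File Deletion [**] [Classification: Web Application Attack] [Priority: 3] {TCP} 203.0.113.144:80 -> 192.168.1.4:56068
10/05/10-10:09:01.000001 [**] [1:1000001:1] LOCAL constructed test rule [**] [Classification: Misc activity] [Priority: 3] {TCP} 203.0.113.7:443 -> 192.168.1.4:56070
"""
SAMPLE_RULES = """\
alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"constructed stand-in for the ET rule"; sid:2009187; rev:4;)
# drop tcp any any -> any any (msg:"disabled"; sid:1000001; rev:1;)
"""

def parse_fast_line(line):
    """Return the fields of one fast.log line as a dict, or None if it does not match."""
    m = FAST_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    for key in ("gid", "sid", "rev", "priority", "sport", "dport"):
        rec[key] = int(rec[key])
    return rec

def load_actions(rules_text):
    """Map sid -> action for every enabled rule; commented-out lines never match."""
    found = (RULE_RE.match(raw) for raw in rules_text.splitlines())
    return {int(m.group("sid")): m.group("action") for m in found if m}

def annotate(log_text, rules_text):
    """Attach the rule action to each parsed alert, 'unknown' if the sid is not loaded."""
    actions = load_actions(rules_text)
    records = [parse_fast_line(line) for line in log_text.splitlines()]
    return [dict(r, action=actions.get(r["sid"], "unknown")) for r in records if r]

if __name__ == "__main__":
    for rec in annotate(SAMPLE_LOG, SAMPLE_RULES):
        print(rec["action"], rec["sid"], rec["src"], "->", rec["dst"], rec["msg"])
```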