[Oisf-users] how can I see the words alert and drop in my fast.log?

mouna amani amani.smiai.insat at gmail.com
Thu Jul 4 14:49:50 UTC 2013


I am going to change some rules to drop:

How can I know which lines are for the alert events and which are for
the drop events, if fast.log doesn't put "alert" or "drop" in the log?

On Thu, Jul 4, 2013 at 4:39 PM, Victor Julien <lists at inliniac.net> wrote:
> On 07/04/2013 03:11 PM, mouna amani wrote:
>> I am using the fast.log
>> I configured to file type: regular
>> My rules are all set to alerts
>> I got lines in my fast.log looking like this :
>>
>> 10/05/10-10:08:59.667372  [**] [1:2009187:4] ET WEB_CLIENT ACTIVEX iDefense
>>   COMRaider ActiveX Control Arbitrary File Deletion [**] [Classification: Web
>>   Application Attack] [Priority: 3] {TCP} xx.xx.232.144:80 -> 192.168.1.4:56068
>> It is just an example.
>> I want to see the word "alert" in my fast.log.
>> What should I change?
>
> Nothing. The alert keyword makes sure the lines get written to the fast
> log. "alert" itself is not written to it.
>
> --
> ---------------------------------------------
> Victor Julien
> http://www.inliniac.net/
> PGP: http://www.inliniac.net/victorjulien.asc
> ---------------------------------------------
>
> _______________________________________________
> Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
> Site: http://suricata-ids.org | Support: http://suricata-ids.org/support/
> List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
> OISF: http://www.openinfosecfoundation.org/



-- 
Amani smiai
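An added example, not code from this thread or from the Suricata project: a small parser for the fast.log record layout quoted above, so the action behind each line can be tallied. It assumes (not stated in this thread) that Suricata's fast.log puts a "[Drop] " token, or "[wDrop] " for a drop rule that is not enforced in IDS mode, in front of "[**]" on affected lines, so every line without such a token is a plain alert; the names parse_fast_line, count_actions, ACTION_NAMES and SAMPLE_LINES are mine, and the second sample line is constructed.

```python
import re
from collections import Counter

# Suricata fast.log layout, one record per line. The optional "[Drop] " /
# "[wDrop] " token before "[**]" is an assumption about how dropped and
# would-be-dropped packets are marked; lines without it are plain alerts.
FAST_RE = re.compile(
    r"^(?P<ts>\d{2}/\d{2}/\d{2}-\d{2}:\d{2}:\d{2}\.\d+)\s+"
    r"(?:\[(?P<action>Drop|wDrop)\]\s+)?"
    r"\[\*\*\]\s+\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+"
    r"(?P<msg>.*?)\s+\[\*\*\]\s+"
    r"(?:\[Classification:\s*(?P<cls>[^\]]*)\]\s+)?"
    r"\[Priority:\s*(?P<prio>\d+)\]\s+"
    r"\{(?P<proto>[^}]+)\}\s+"
    r"(?P<src>\S+):(?P<sport>\d+)\s+->\s+(?P<dst>\S+):(?P<dport>\d+)\s*$"
)

ACTION_NAMES = {None: "alert", "Drop": "drop", "wDrop": "would-drop"}

def parse_fast_line(line):
    """Return the record's fields as a dict, or None if the line is not fast.log format."""
    m = FAST_RE.match(line.strip())
    if m is None:
        return None
    d = m.groupdict()
    d["action"] = ACTION_NAMES[d["action"]]
    for key in ("gid", "sid", "rev", "prio", "sport", "dport"):
        d[key] = int(d[key])
    return d

def count_actions(lines):
    """Tally records per action; lines that do not parse are skipped."""
    return Counter(r["action"] for r in map(parse_fast_line, lines) if r)

# Constructed sample: the first line is the thread's own example reassembled onto
# one line; the second is a made-up drop record using a documentation-range address.
SAMPLE_LINES = [
    "10/05/10-10:08:59.667372  [**] [1:2009187:4] ET WEB_CLIENT ACTIVEX iDefense "
    "COMRaider ActiveX Control Arbitrary File Deletion [**] [Classification: Web "
    "Application Attack] [Priority: 3] {TCP} xx.xx.232.144:80 -> 192.168.1.4:56068",
    "10/05/10-10:09:02.000001  [Drop] [**] [1:2009187:4] ET WEB_CLIENT ACTIVEX iDefense "
    "COMRaider ActiveX Control Arbitrary File Deletion [**] [Classification: Web "
    "Application Attack] [Priority: 3] {TCP} 198.51.100.10:80 -> 192.168.1.4:56069",
]

if __name__ == "__main__":
    for rec in map(parse_fast_line, SAMPLE_LINES):
        print(rec["action"], rec["sid"], rec["src"], "->", rec["dst"])
    print(count_actions(SAMPLE_LINES))
```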