This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

How to see which attacks got detected

Hi,

I am new to astaro 425 box.I configured intrusion detection settings everything as in the manual.I can see in reporting->intrusion detection graph alerts are getting detected.But where do i have to see which alerts are getting detected and where.I am using astaro security v6.0.Any help is appreciated. Thanks in advance.

Stephen

This thread was automatically locked due to age.

Parents

0 Zitronennetz over 19 years ago

Have you already enabled the Intrusion Reporting?
Go to "Intrusion Protection"->"Settings" and enable the "Notification Status."
You also have to submit a valid eMail adress for reporting.
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 Zitronennetz over 19 years ago

Have you already enabled the Intrusion Reporting?
Go to "Intrusion Protection"->"Settings" and enable the "Notification Status."
You also have to submit a valid eMail adress for reporting.
Cancel
Vote Up 0 Vote Down

Cancel

Children

0 Gert Hansen over 19 years ago in reply to Zitronennetz

Hi there,

there a two ways to do this.

the first and quick on is to go to the ips ruleset.
you will see in each group and each rule a so called hit counter.
this tells your which group or which rule has been hitted how often.
By clicking on the number, you can reset the counter.
This tells you which rule has been matched, but not by whom.

If you have found a certain rule from which you want to know which IP triggered that, just remember the ID of that rule, lets asume rule id 3212.

Than quickly switch to Local Logs > Query and select the timeframe, i.e. Yesterday and Today.
Than select the IPS log and set the mode to filter.

add the "3212" to the search term and click start.

The browser will open a new window showing you all which ip has triggered that rule.

I hope that helps,

regards
Gert
Cancel
Vote Up 0 Vote Down

Cancel