[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[ossec-list] Re: SQL Injection Detection

To: ossec-list@xxxxxxxxxxxxxxxx
Subject: [ossec-list] Re: SQL Injection Detection
From: "Daniel Cid" <daniel.cid@xxxxxxxxx>
Date: Thu, 7 Sep 2006 23:33:25 -0300
Content-disposition: inline
Content-transfer-encoding: 7bit


Look at C:\program files\ossec-agent\ossec.log (at the agent) for any
error regarding
opening the logs. In addition to that, if you just miss a page
(causing a 400 error code)
you should see something in the server ossec.log ...

*Are you getting other alerts from this windows agent?

Thanks,

--
Daniel B. Cid
dcid ( at ) ossec.net


On 9/7/06, saman@xxxxxxxxxxxx <saman@xxxxxxxxxxxx> wrote:


Hello,

While I have IIS line on agent config file, after I did sql injection attacks againts web server I have not got any alert yet. I have not seen any alerts in /var/ossec/logs/alerts/alerts.log. I checked IIS log and I see attack logs. Is there anything else to add server's config or agent's config ?

from agent's config
----------------------

<localfile>
    <location>C:\WINNT/System32/LogFiles/W3SVC1/ex%y%m%d.log</location>
    <log_format>iis</log_format>
</localfile>

References:
- [ossec-list] SQL Injection Detection
  - From: saman

Prev by Date: [ossec-list] Re: sendmail_rules.xml
Next by Date: [ossec-list] Re: SQL Injection Detection
Previous by thread: [ossec-list] SQL Injection Detection
Next by thread: [ossec-list] Chatty PIX rules
Index(es):
- Date
- Thread

OSSEC home | Main Index | Thread Index

OSSEC project: www.ossec.net.
Mailling list information: http://www.ossec.net/en/mailing_lists.html.