Search the Community
Showing results for tags 'alert'.
Found 2 results
Sorry to bother you all. I'm trying to check ARP spoofing on my WinIDS system, so I activated the preproc rule used to detect ARP spoofing. The rule looks like this:

alert ( msg: "ARPSPOOF_ARP_CACHE_OVERWRITE_ATTACK"; sid: 4; gid: 112; rev: 1; metadata: rule-type preproc ; classtype:bad-unknown; )

It works: it is shown and gives an alert on barnyard2 and Visual Syslog Server. The alert looks like this:

05/16-13:31:06.553294 [**] [112:4:1] spp_arpspoof: ARP Cache Overwrite Attack [**]

But the alert doesn't show on BASE. BASE gives an error that looks like this:

"D:\winids\Apache24\htdocs\base\includes\base_cache.inc.php:776: ERROR: 3 alerts have NOT found their way into acid_event with sid = 4"
"D:\winids\Apache24\htdocs\base\includes\base_cache.inc.php:521: ERROR: Alert "4 - 9618" could NOT be found in acid_event"

What should I do to fix the error and make the alert show on BASE? Thank you so much. - Fahmi
Hello everyone, sorry to bother you. I'm following the tutorial "Installing an Apache2 Web Server logging events to a MySQL Database" by Morpheus on my computer running Windows 10, and it works: I can access 'http://winids' in my browser. But I realized that my WinIDS console doesn't show any alerts for ICMP and UDP packets. What do I need to do to make the WinIDS security console work with ICMP and UDP packets? Thank you so much.