fire OSSEC rules by using a command #9200
-
|
Hi all, I have a bit of a strange request but here it goes. Is there a way to automatically fire (trigger) OSSEC rules without actually doing something that would trigger it like logging in too many times? I am looking for a command that fires all or a selection of OSSEC rules so that they show up on the Security Onion dashboard. I would like to do this by using a command because it would take too much time to manually trigger all of them. The situation is a bit weird but lets say that I would like to try this for a school project so I can compare how many event loggings I have reduced by editing or disabling rules. So I would like to trigger a rule then edit/ disable it and then trigger it again to show that my rule worked. Thanks in advance! |
Beta Was this translation helpful? Give feedback.
Replies: 1 comment 1 reply
-
If this is for a school project, we can't do your homework for you but you might consider using something like |
Beta Was this translation helpful? Give feedback.
-
|
Hi Dough, Thank you for the quick response. Logger seems to be interesting. I also figured that I can kind of use ossec logtest in my case. So I will use logtest to proof that an event is generated with level 0 after I made a custom rule to suppress the event. I already looked into logtest before but I got kinda lost after a while that is why I asked the question in the first place. But after some sleep and coffee I figured that this will also do for me. Thank you Dough. |
Beta Was this translation helpful? Give feedback.
If this is for a school project, we can't do your homework for you but you might consider using something like
loggerto generate your own logs that match rules.