Author Topic: Zentyal Bridge Transparent IDS  (Read 1893 times)

rojoblandino
« on: December 14, 2012, 01:13:43 am »
Hi, greetings. I have installed Zentyal, set up bridge mode, and added the modules for IDS and mail notifications.

I successfully got messages from the Zentyal server, but this is the only message I am getting:
"info : La interfaz de Zentyal está activa y en ejecución"

I do a SYN flood attack going through the Zentyal bridge, but no message about the alert reaches the email.

But when I check /var/log/snort/alert:
12/13-18:06:50.014891  [**] [1:100000160:2] COMMUNITY SIP TCP/IP message flooding directed to SIP proxy [**] [Classification: Attempted Denial of Service] [Priority: 2] {TCP} 192.168.5.93:33589 -> 192.168.5.100:80

The logs and events are enabled for IDS, but I do not get any mail about these logs, and when I go to Logs and the IDS full log button, it is blank, with no log.

I have followed all the documentation and all is OK, but no mail is sent and no log is registered in the web interface, but snort is working.