Verify alerts in log files

Verify alerts in log filesΒΆ

To verify that ModSecurity properly detects a brute-force attack through the OpenStack Dashboard, find the appropriate alert messages in the log files: /var/log/modsec_audit.log and /var/log/apache2/horizon_error.log.

For example:

Message: Access denied with code 403 (phase 2). Operator EQ matched 10 at IP:block.
[file "/etc/modsecurity/bruteforce.conf"] [line "38"] [id "00010"] [msg "Brute-force attack
detected - IP: 172.16.0.254 blocked for 10 min"]