APF antidos logs ?

[sh4ka]

I've installed and activated the anti-dos functions for APF, but after a few days I check for the logs, and I can't even find the log file at /var/log/apfados_log.

What does this mean, that no one launched DOS attacks against my box, or that simply the mod antidos is not working ? How can I know if it is working ?

I'm using RHAS.

thzk!

[kris1351]

It shouldn't really log anything in the AD logs unless it does something. Look in your master APF logs and it should tell you that AD started up properly or not. Check that the AD/APF crons are running properly, they are located in /etc/cron.

[Blapto]

You could see if it is working or not by trying to DoS it yourself?

Bear in mind that you need to get access some other way to disable the block it will put on your IP.

[avijit]

By default the file /var/log/apfados_log is not created so that it can keep the log. And you need to have a DOS to get logs there to have some logs as mentioned earlier.

You can touch that file to create it and see what heppens

[avijit]

Another thing..if this helps ...

AD is not going to pickup and block a lot of things normally (unless you put the settings to low, but then you'll be blocking innocent people). It's meant to block IP's that are doing a DDoS attack, so unless your getting an syn flood attack or something like this, you really should not see any IP's being added.

Anti DOS rules can be kept at /etc/apf/ad/ad.rules

You need to set USE_AD="1" in the /etc/apf/conf.apf to get those rules working.

You may see some logs there if you reduce the LRATE="45" But I am sure you will not.