
Detecting and alerting on DDoS attacks in Energy Logserver

DDoS attacks can be detected with Energy Logserver using a few approaches that we have applied in previous deployments with multiple customers. In every scenario we want a notification or a specific action based on the detection, which is why we use alerting. We can either integrate with firewall software that is capable of detecting such attacks, or build the detection independently.

In one approach, the alert type for this use case is frequency. We look for a connection indicator and count it by source IP. If there are more than 100 connections from one IP in 5 minutes, the alert is triggered.

We can create the same kind of alert per website, with a defined threshold for the maximum number of visits.


Another option is to create both of those alerts without notification and correlate them using the Logical alert type.
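
The two frequency alerts and their correlation, sketched in Python as an added example (this is not Energy Logserver code or configuration). The per-website threshold of 300, the AND semantics of the correlation, and the sample traffic are assumptions constructed for illustration.

```python
from collections import defaultdict, deque

WINDOW = 300          # 5 minutes in seconds (from the text)
IP_THRESHOLD = 100    # "more than 100 connections" per source IP (from the text)
SITE_THRESHOLD = 300  # assumed max-visit threshold per website

def frequency_alert(events, key_index, threshold, window=WINDOW):
    """Return {key: first_fire_time} for every key whose event count inside
    a sliding window of `window` seconds exceeds `threshold`.
    `events` are (timestamp, src_ip, site) tuples sorted by timestamp."""
    recent = defaultdict(deque)
    fired = {}
    for event in events:
        ts, key = event[0], event[key_index]
        q = recent[key]
        q.append(ts)
        while q[0] <= ts - window:      # drop events older than the window
            q.popleft()
        if len(q) > threshold and key not in fired:
            fired[key] = ts
    return fired

def logical_and(fired_a, fired_b, window=WINDOW):
    """Correlate two silent alerts (assumed AND semantics): true only when
    both fired within `window` seconds of each other."""
    return any(abs(a - b) <= window
               for a in fired_a.values() for b in fired_b.values())

def sample_events():
    """Constructed traffic: one noisy source plus background visitors."""
    # 203.0.113.7 opens 150 connections in 150 seconds
    events = [(t, "203.0.113.7", "shop.example") for t in range(150)]
    # 40 background clients, one request per minute for 10 minutes each
    for c in range(40):
        events += [(c + 60 * i, f"198.51.100.{c}", "shop.example")
                   for i in range(10)]
    return sorted(events)

def evaluate(events, site_threshold=SITE_THRESHOLD):
    by_ip = frequency_alert(events, 1, IP_THRESHOLD)       # count by source IP
    by_site = frequency_alert(events, 2, site_threshold)   # count by website
    return by_ip, by_site, logical_and(by_ip, by_site)

if __name__ == "__main__":
    print(evaluate(sample_events()))
```

Raising `site_threshold` above the site's normal peak leaves only the per-IP alert firing, so the correlated alert stays silent.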
