Hi Denis, Currently they are combined by an OR (if any one of them matches), but now that you mentioned it, I think I should change to AND.
Thanks, -- Daniel B. Cid dcid ( at ) ossec.net On Dec 17, 2007 11:39 AM, Denis Shaposhnikov <[EMAIL PROTECTED]> wrote: > > Hello, > > From http://www.ossec.net/main/manual/#active-response-config > > <active-response> > <disabled>Completely disables active response if "yes"</disabled> > <command>The name of any command already created</command> > <location>Location to execute the command</location> > > <agent_id>ID of an agent (when using a defined agent) </agent_id> > <level>The lower level to execute it (0-9)</level> > <rules_id>Comma separated list of rules id (0-9)</rules_id> > <rules_group>Comma separated list of groups > (A-Za-z0-9)</rules_group> > > <timeout>Time to block</timeout> > </active-response> > > Could somebody tell me, tags <level>, <rules_id> and <rules_group> > combined by OR rule or AND? > > Thanks! > > -- > DSS5-RIPE DSS-RIPN mailto:[EMAIL PROTECTED] xmpp:[EMAIL PROTECTED] > http://wizard.volgograd.ru/ 2:550/[EMAIL PROTECTED] 2:550/[EMAIL PROTECTED] >