[ossec-list] Re: Repeated offenders - timeout of IP count
If you look in the logs directory on the clients, it will show you the commands that are run to add and remove ips. On Friday, March 23, 2018 at 10:20:54 AM UTC-4, Ricardo Almeida wrote: > > Hi, > > I would like to know for how long time OSSEC "store" the blocked IP so > that it is considered as a repeated_offernder, ie once it has been > unblocked (after the first block), until how much later it will count as a > repeated_offender. For example, if IP X is blocked now, will it still > count as repated_offender tomorrow? And, what action that clear the count > by IP, only the restart of the ossec-server service? > > Thank you! > -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[ossec-list] Re: Repeated offenders - timeout of IP count
By default, 10 minutes. But you can change it. Add this to the ossec.conf on the client machines. The values are in seconds and you can adjust them 600,3600,7200, 14400 On Friday, March 23, 2018 at 10:20:54 AM UTC-4, Ricardo Almeida wrote: > > Hi, > > I would like to know for how long time OSSEC "store" the blocked IP so > that it is considered as a repeated_offernder, ie once it has been > unblocked (after the first block), until how much later it will count as a > repeated_offender. For example, if IP X is blocked now, will it still > count as repated_offender tomorrow? And, what action that clear the count > by IP, only the restart of the ossec-server service? > > Thank you! > -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.