[ossec-list] Rule or Decoder specific host/ip

2018-03-27 Thread handeakarcan
Hi, How to generate the rule or decoder specific host/ip. I'm try rule1 or decoder1 add "ip_address" but is not work.

Re: [ossec-list] Rule or Decoder specific host/ip

2018-03-27 Thread dan (ddp)
On Tue, Mar 27, 2018, 8:19 AM wrote:
> Hi,
>
> How to generate the rule or decoder specific host/ip.
>
> I'm try rule1 or decoder1 add "ip_address" but is not work.

Yeah, that won't work. Are you trying to match any log with that IP? That would be hard to do, not

[ossec-list] Re: Repeated offenders - timeout of IP count

2018-03-27 Thread Bill Price
If you look in the logs directory on the clients, it will show you the commands that are run to add and remove ips.

On Friday, March 23, 2018 at 10:20:54 AM UTC-4, Ricardo Almeida wrote:
> Hi,
>
> I would like to know for how long time OSSEC "store" the blocked IP so that it is considered

[ossec-list] Re: Repeated offenders - timeout of IP count

2018-03-27 Thread Bill Price
By default, 10 minutes. But you can change it. Add this to the ossec.conf on the client machines. The values are in seconds and you can adjust them 600,3600,7200, 14400

On Friday, March 23, 2018 at 10:20:54 AM UTC-4, Ricardo Almeida wrote:
> Hi,
>
> I would like to know for how long