Re: [ossec-list] Active-response firewall-drop server IP instead of agent IP when fired an agent rule
On Wed, Jul 5, 2017 at 12:52 AM, Tunguyen wrote:
> Hi everyone, here is my ossec.conf on the server:
>
> firewall-drop
> server,all
> 31152
> 600
> 30,60,90,120,150
>
> rule 31152 is:
>
> 31103
>
> Multiple SQL
[ossec-list] Active-response firewall-drop server IP instead of agent IP when fired an agent rule
Hi everyone, here is my ossec.conf on the server: firewall-drop server,all 31152 600 30,60,90,120,150 rule 31152 is: 31103 Multiple SQL injection attempts from same souce ip. attack,sql_injection, After I tried to SQL injection to