On Tuesday 19 September 2006 13:45, Daniel Cid wrote:

Daniel,

Since I made those changes to timeout from 600 to 300 no blocking at all is happening. Yesterday out of frustration I reinstalled the agent and that wiped out any log entries. I will put the blocking back to the default settings and get you some log entries.

This NMS does not have RDNS set up properly I know for sure. Although I can and should just get after the Data Center folks to fix that.

Thanks!! :-)

> Hi Francesca,
>
> Can you show us the alert (or a few of them) that are causing the active
> response to be executed? Can you also show us a few entries from your
> active response log at /var/ossec/active-response/*.log (on the agent) ?
>
> Basically, the server compares the IP extracted from the log with the
> IP or network in the white list. If they match, the response is not
> executed at all.
>
> Maybe ossec is extracting something different than what we may be
> expecting (like a hostname). We sometimes have problems with that
> since ossec doesn't do a reverse lookup and it will attempt to block
> based on the hostname (and they never match with the white_list)...
>
> Thanks,
>
> --
> Daniel B. Cid
> dcid ( at ) ossec.net
>
> On 9/19/06, Francesca Smith <[EMAIL PROTECTED]> wrote:
> > On Tuesday 19 September 2006 07:28, Leonardo Goldim wrote:
> > Leonardo,
> >
> > Attached ..
> >
> > Now I may have not been clear. The whitelist does work properly on the
> > server .. But agent nodes I don't see a white list facility at all ..
> >
> > The ip is in this range where my "Chatty" NMS lives is below .. opennms
> > is the software used.
> >
> > 207.210.240.0/24
> >
> > > Hello Francesca,
> > >
> > > please send your ossec.conf so we can help you.
> >
> > --
> > Kindest Regards,
> >
> > Francesca Smith
> >
> > "No Problems Only Solutions"
> > Lady Linux Internet Services
> > Baltimore, Maryland 21217

--
Kindest Regards,

Francesca Smith

"No Problems Only Solutions"
Lady Linux Internet Services
Baltimore, Maryland 21217
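
The white list comparison described in the quoted reply, as an added Python sketch that is not part of the original thread and is not OSSEC's own code. The function names and the sample srcip values are assumptions constructed for illustration; only the 207.210.240.0/24 range comes from the thread.

```python
import ipaddress

# Constructed sample data: the range quoted in the thread plus a loopback
# entry, and made-up srcip values as they might be extracted from alerts.
WHITE_LIST = ["127.0.0.1", "207.210.240.0/24"]
SAMPLE_SRCIPS = ["207.210.240.17", "nms.example.net", "198.51.100.9"]


def parse_white_list(entries):
    """Turn white list strings (single IPs or CIDR ranges) into networks."""
    return [ipaddress.ip_network(e, strict=False) for e in entries]


def check_srcip(srcip, networks):
    """Return (run_response, reason) for one extracted srcip value."""
    try:
        addr = ipaddress.ip_address(srcip)
    except ValueError:
        # A hostname cannot be compared with an IP/network entry and no
        # lookup is performed, so the white list is never matched.
        return True, "not an IP address (hostname?): white list cannot match"
    for net in networks:
        if addr in net:
            return False, f"white-listed by {net}"
    return True, "no white list entry matches"


def audit(srcips, white_list):
    """Map every srcip to its decision so hostname extractions stand out."""
    networks = parse_white_list(white_list)
    return {s: check_srcip(s, networks) for s in srcips}


if __name__ == "__main__":
    for srcip, (run, reason) in audit(SAMPLE_SRCIPS, WHITE_LIST).items():
        print(f"{srcip:20} {'BLOCK' if run else 'skip '}  {reason}")
```

Running the same audit over the source values found in real alerts shows which ones arrive as hostnames rather than addresses.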
