Well, my other posts got dropped yesterday, but I did manage to figure out one of them. However, I have a couple of other things I need clarifying.
1. Can I have multiple <active-response></> blocks in ossec.conf? Or must I put all my active response stuff inside one block?
2. The documentation for the <expect> tag seems to indicate that I can put ANY text in the tags to be passed to a command, yet when I try it, I don't get anything passed but junk to the command. Is this an error, or am I doing something wrong?
--
Ita erat quando hic adveni.
Mark Haney
Sr. Systems Administrator
ERC Broadband
(828) 350-2415
