Hello,
From http://www.ossec.net/main/manual/#active-response-config
<active-response>
<disabled>Completely disables active response if "yes"</disabled>
<command>The name of any command already created</command>
<location>Location to execute the command</location>
<agent_id>ID of an agent (when using a defined agent) </agent_id>
<level>The lower level to execute it (0-9)</level>
<rules_id>Comma separated list of rules id (0-9)</rules_id>
<rules_group>Comma separated list of groups
(A-Za-z0-9)</rules_group>
<timeout>Time to block</timeout>
</active-response>
Could somebody tell me, tags <level>, <rules_id> and <rules_group>
combined by OR rule or AND?
Thanks!
--
DSS5-RIPE DSS-RIPN mailto:[EMAIL PROTECTED] xmpp:[EMAIL PROTECTED]
http://wizard.volgograd.ru/ 2:550/[EMAIL PROTECTED] 2:550/[EMAIL PROTECTED]
