How can I drop an IP using OSSEC and IPTABLES?
I have this 2-line log:

Feb 14 15:00:00 1centavo maradns.conf: 2009-02-14 17:00:00  Log: Consulta incorreta recebida: \004#\001\000\000\001\000\000\000\000\000\000\000\000\002\000\001
Feb 14 15:00:00 1centavo maradns.conf: From IP: 82.146.35.143

I want that when the first line has the message "Consulta incorreta
recebida", it takes the IP address on the second line and DROPs it using
IPTABLES.

Marcos Neves
+55 44 3263-8132
+55 44 9918-8488
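
The two-line correlation asked about above, as an added example that is not part of the original message and is not OSSEC configuration or OSSEC's own code. The function names, the allowlist and the rule that only the very next maradns line may carry the address are assumptions; the sample mixes the post's two lines with constructed ones.

```python
import ipaddress
import re

TRIGGER = "Consulta incorreta recebida"            # message quoted in the post
FROM_IP = re.compile(r"maradns\S*: From IP: (\S+)\s*$")
ALLOWLIST = {ipaddress.ip_address("127.0.0.1")}    # assumption: never block these


def offending_ips(lines):
    """Yield each validated IPv4 address that directly follows a trigger line."""
    armed = False
    for line in lines:
        if "maradns" not in line:
            continue                  # other daemons may interleave in syslog
        if TRIGGER in line:
            armed = True
            continue
        m = FROM_IP.search(line) if armed else None
        armed = False                 # only the very next maradns line counts
        if not m:
            continue
        try:
            ip = ipaddress.ip_address(m.group(1))
        except ValueError:
            continue                  # never hand unparsed log text to iptables
        if ip.version == 4 and ip not in ALLOWLIST:
            yield str(ip)


def drop_command(ip):
    """Return the argv for the DROP rule; it is returned, not executed."""
    return ["iptables", "-I", "INPUT", "-s", ip, "-j", "DROP"]


SAMPLE = [
    # the post's first line, unwrapped
    r"Feb 14 15:00:00 1centavo maradns.conf: 2009-02-14 17:00:00  Log: Consulta incorreta recebida: \004#\001\000\000\001\000\000\000\000\000\000\000\000\002\000\001",
    "Feb 14 15:00:00 1centavo sshd[999]: constructed unrelated line",
    "Feb 14 15:00:00 1centavo maradns.conf: From IP: 82.146.35.143",   # from the post
    "Feb 14 15:00:01 1centavo maradns.conf: From IP: 203.0.113.9",     # constructed, no trigger
    "Feb 14 15:00:02 1centavo maradns.conf: Log: Consulta incorreta recebida: x",  # constructed
    "Feb 14 15:00:02 1centavo maradns.conf: From IP: 999.1.1.1",       # constructed, invalid
]

if __name__ == "__main__":
    for ip in offending_ips(SAMPLE):
        print(" ".join(drop_command(ip)))
```

DNS queries over UDP can carry a forged source address, so put your own resolvers and monitoring hosts in the allowlist before wiring the output to a firewall.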
