Hello, I'd need to pass to an active-response command both src and dst IP. Is there a way to achieve that?
I'd also like to be able to supply the rule ID to the script. This way I could handle more event types with a single script without having to change Ossec inner configuration.

Thanks

--
+----------------------------------------------------+
| William Maddler                                    |
+----------------------------------------------------+
| Visit my blog at http://www.eth0.it                |
| eth0 / ifconfig realworld up!                      |
+----------------------------------------------------+
| gpg fingerprint:                                   |
| EAAA 5A70 0359 ECEC 1167 D81E 3ED7 87C1 29EE 144Aa |
+----------------------------------------------------+
