william maddler wrote:
> Hello,
> I'd need to pass to an active-response command both src and dst IP. Is
> there a way to achieve that?
>
> I'd also like to be able to supply the script the rule ID. This way I
> could handle with a single script more event types without having to
> change Ossec inner configuration.
>
> Thanks
>
Just found that rule ID and related log file are being passed to the external script. Now I'd only need dst IP :) Any clue?

Thx

--
+----------------------------------------------------+
| William Maddler                                    |
+----------------------------------------------------+
| Visit my blog at http://www.eth0.it                |
| eth0 / ifconfig realworld up!                      |
+----------------------------------------------------+
| gpg fingerprint:                                   |
| EAAA 5A70 0359 ECEC 1167 D81E 3ED7 87C1 29EE 144Aa |
+----------------------------------------------------+
