Hi Daniel, Thank you, I was able to get that working.
Eric ----- Original Message ----- From: "Daniel Cid" <[email protected]> To: [email protected] Sent: Monday, April 26, 2010 10:12:52 AM Subject: Re: [ossec-list] Active Responses Hi Eric, You don't have to duplicate the scripts. Just add a new active-response section and give it a very high timeout and specify the rule id you want: <active-response> <command>firewall-drop</command> <location>local</location> <rules_id>3302</rules_id> <timeout>9999</timeout> </active-response> Thanks, -- Daniel B. Cid dcid ( at ) ossec.net On Fri, Apr 23, 2010 at 5:45 PM, Eric Biondi <[email protected]> wrote: > I would like to treat one Rule violation different from the rest. I'll > duplicate the scripts for firewall drop under a different name and add > commands in ossec.conf for the new script. > > Instead of Level 7 or above triggering the command, I'd like to have a > specific postfix rule be the trigger. What would the tags be for this? > Instead of <level></level> can I use something else? I want to make > the firewall drop permanent for Rule: 3302. > > Thanks, Eric > > > > > -- > Subscription settings: http://groups.google.com/group/ossec-list/subscribe?hl=en >
