Hi Aaron, Thanks for the patch. Added to the latest snapshot:
http://www.ossec.net/files/snapshots/ Can you take a look to make sure it is working correctly? Thanks, -- Daniel B. Cid dcid ( at ) ossec.net On Wed, May 12, 2010 at 2:40 PM, Aaron Bliss <aaron.bl...@gmail.com> wrote: > Hi all, > I noticed that Windows 2008 clients were not running the built in > route-null.cmd active response script properly. Server 2003 clients > run it without issue. This seems to be because the output of ifconfig > /all changed in server 2008. Modifying the route-null.cmd script by > editing the following line, works for both 2003 and 2008 servers: > > change: > FOR /F "TOKENS=2* DELIMS=:" %%A IN ('IPCONFIG /ALL ^| FIND "IP > Address"') DO FOR %%B IN (%%A) DO SET IPADDR=%%B > > to: > FOR /F "TOKENS=2* DELIMS=:" %%A IN ('IPCONFIG ^| FIND "IP"') DO FOR > %%B IN (%%A) DO SET IPADDR=%%B > > Aaron >
