Hi Dan,

Configuring ossec to watch the active response.log file will fire an alert w.r.t. Integrity Checksum Changed Event w.r.t. the active response.log file. But what I am looking forward to is that I get the actual active response log in my email (email alerting is configured).

Regards
Tanishk Lakhaani
Sent from BlackBerry® on Airtel

-----Original Message-----
From: "dan (ddp)" <[email protected]>
Sender: [email protected]
Date: Wed, 2 Mar 2011 15:38:36
To: <[email protected]>
Reply-To: [email protected]
Subject: Re: [ossec-list] How to check active response has been activated or not ??

Check the active-response.log file (on the system that runs the active response). You can configure OSSEC to watch the active-response.log file and fire off an email/alert when a new entry is added. It's simple to do, and helps solve the notification problem.

On Wed, Mar 2, 2011 at 2:18 PM, Tanishk Lakhaani <[email protected]> wrote:
> Hi all,
> I have active response configured in my environment. Now what I am worried
> about is how I get to know that an IP address has been blocked by the Active
> response configuration. Do I need to check the active response.log file at the
> manager side every time... Or is there some other way? I was thinking of
> integrating the same with email alerting in OSSEC.
>
>
> Regards
> Tanishk Lakhaani
> Sent from BlackBerry® on Airtel
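
Added example, not part of the original thread or written by its participants: the two ways of "watching" the file that the messages above talk past each other on, shown as ossec.conf and local_rules.xml fragments. The path /var/ossec/logs/active-responses.log (default install location), the rule id 100200, and the sample log line are assumptions.

```xml
<!-- Added example; not from the thread. Paths assume a default /var/ossec install. -->

<!-- Integrity checking (syscheck) only hashes the file, so the alert reads
     "Integrity checksum changed" and carries none of the log content.
     Shown commented out for contrast. -->
<!--
<syscheck>
  <directories check_all="yes">/var/ossec/logs</directories>
</syscheck>
-->

<!-- Log monitoring: in ossec.conf on the system that runs the active
     response, read the file one line at a time like any other log. -->
<localfile>
  <log_format>syslog</log_format>
  <location>/var/ossec/logs/active-responses.log</location>
</localfile>

<!-- In local_rules.xml on the manager.
     Constructed sample line this rule is meant to match:
     Wed Mar  2 15:38:36 IST 2011 /var/ossec/active-response/bin/firewall-drop.sh add - 192.0.2.10 1299060516.4821 5712
     Rule id 100200 is a hypothetical id taken from the local rule range. -->
<group name="local,active_response,">
  <rule id="100200" level="7">
    <match>firewall-drop.sh add</match>
    <!-- Send mail for this rule regardless of the global email_alert_level. -->
    <options>alert_by_email</options>
    <description>Active response: host blocked by firewall-drop.sh</description>
  </rule>
</group>
```

With log monitoring, the alert e-mail includes the matched log line, so the blocked address arrives in the message body rather than only a checksum-change notice.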
