Yes exactly, regarding the manual, this is the purpose of the <location>all</location> statement.
But agents doesn't block IP if the attack occur on the server. On 17 juin, 02:09, Jason Frisvold <[email protected]> wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > On Jun 16, 2011, at 1:59 PM, pierz wrote: > > > previous thread : > >http://groups.google.com/group/ossec-list/browse_thread/thread/340a63... > > > So I configured the active-response like this, to have the AR enable > > on both ALL agents and the server (because when you configure only > > <location>all</location> it won't block on the server. > > So are you trying to have the IP blocked on all servers when triggered from a > single server? > > - --------------------------- > Jason 'XenoPhage' Frisvold > [email protected] > - --------------------------- > "Any sufficiently advanced magic is indistinguishable from technology." > - - Niven's Inverse of Clarke's Third Law > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG/MacGPG2 v2.0.16 (Darwin) > > iEYEARECAAYFAk36m0AACgkQ8CjzPZyTUTQqjQCfU94Xvu+xnACE0m43ZyLMTeKb > 58gAnjUVVJnfvOg2ePr6A/WAWWhArKW7 > =inG1 > -----END PGP SIGNATURE-----
