What OS are your agents running on?
On Sun, Jun 19, 2011 at 6:09 PM, pierz <[email protected]> wrote: > Yes exactly, regarding the manual, this is the purpose of the > <location>all</location> statement. > > But agents doesn't block IP if the attack occur on the server. > > On 17 juin, 02:09, Jason Frisvold <[email protected]> wrote: > > -----BEGIN PGP SIGNED MESSAGE----- > > Hash: SHA1 > > > > On Jun 16, 2011, at 1:59 PM, pierz wrote: > > > > > previous thread : > > >http://groups.google.com/group/ossec-list/browse_thread/thread/340a63. > .. > > > > > So I configured the active-response like this, to have the AR enable > > > on both ALL agents and the server (because when you configure only > > > <location>all</location> it won't block on the server. > > > > So are you trying to have the IP blocked on all servers when triggered > from a single server? > > > > - --------------------------- > > Jason 'XenoPhage' Frisvold > > [email protected] > > - --------------------------- > > "Any sufficiently advanced magic is indistinguishable from technology." > > - - Niven's Inverse of Clarke's Third Law > > > > -----BEGIN PGP SIGNATURE----- > > Version: GnuPG/MacGPG2 v2.0.16 (Darwin) > > > > iEYEARECAAYFAk36m0AACgkQ8CjzPZyTUTQqjQCfU94Xvu+xnACE0m43ZyLMTeKb > > 58gAnjUVVJnfvOg2ePr6A/WAWWhArKW7 > > =inG1 > > -----END PGP SIGNATURE----- >
