Hi,
I have 20 agents, on ossec 2.7.0.
I have an active-response configuration like this:
<active-response>
  <command>firewall-drop</command>
  <location>all</location>
  <rules_id>3357,9951,9952,9953,31502,100003,100008,100011,100012,100101</rules_id>
  <timeout>600</timeout>
  <repeated_offenders>30,60,120</repeated_offenders>
</active-response>
The question is simple: why is the active-response applied everywhere except
on the server?
Should I add another active-response with the same rules but with
<location>server</location>?
I have nothing in my iptables, and no /var/ossec/log/active-response.log on
my server.
Thanks