Hi All, I’m trying to find a generic way to see what (log)locations trigger certain rules. I’m monitoring a multitude of apache logs on a multitude of servers and Active Responses work like a charm.
I would like to know the origin of the AR triggers. For instance, Firewall lockdowns due to brute force login attempts. Basically I would like to know what websites pull the most ‘dirt’. The easiest way would be to show the logfile location in an alert. But I don’t know if that’s easy doable. Thanx a lot for your input! Kind regards, Gerard. -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/groups/opt_out.
