On Thu, Feb 20, 2014 at 4:45 AM, Александр Чалый <[email protected]> wrote: > Hello! > > I have tried to implement OSSEC HIDS system in my network. And everything > about notification is ok. But active-response rules dont't do. > > As I see some Alert in alert.log after that I expect action, but no actions > (((. > > Can you help me? >
Maybe. Is Active Response (AR) enabled? On both the OSSEC server and agent? Is ossec-execd running on the agent? Are you sure the agent should be running an AR script based on that alert? Are you sure the correct information is being passed to the agent in order to actually run the AR script? How do you know it isn't working? > Regards, > > Alexander Chaliy > mobile: +38 097 102 45 83 > mail: [email protected] > skype: achaliy > > > > > -- > > --- > You received this message because you are subscribed to the Google Groups > "ossec-list" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > For more options, visit https://groups.google.com/groups/opt_out. -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/groups/opt_out.
