Thanks Dan ... I presume that is in the documentation on ossec's website?
Sent from my iPad > On Apr 30, 2014, at 10:13 PM, "dan (ddp)" <[email protected]> wrote: > > > On Apr 30, 2014 10:07 PM, "Thomas Moretto" <[email protected]> wrote: > > > > if i have a centralized log server, and have ossec read those logs, can i > > have the ossec server apply the ip firewall block to all the servers > > contributing to the central log server? > > > > example. > > contributing servers: > > server01 server02 server03 server04 > > > > central log server: > > logserver01 > > > > ossec server: > > ossecserver01 > > > > say ip address 37.24.199.45 just got flagged for multiple failed SSH > > attempts on server01. > > > > can i have ossec read that failure on the central log server and apply the > > iptables block on all the contributing servers? > > > > Yes. You just need to setup active response correctly. > > > > > > > -- > > > > --- > > You received this message because you are subscribed to the Google Groups > > "ossec-list" group. > > To unsubscribe from this group and stop receiving emails from it, send an > > email to [email protected]. > > For more options, visit https://groups.google.com/d/optout. > -- > > --- > You received this message because you are subscribed to the Google Groups > "ossec-list" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > For more options, visit https://groups.google.com/d/optout. -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
