Hi all,
Is it possible to define several agent_id in a defined active
response?? For example:
<active-response>
<command>firewall-drop</command>
<location>defined_agent</location>
<agent_id>001,002,003</agent_id>
<level>6</level>
<timeout>86400</timeout>
<repeated_offenders>2880,4320,5760</repeated_offenders>
</active-response>
or do I need to define one active response for every agent_id?? For example:
<active-response>
<command>firewall-drop</command>
<location>defined_agent</location>
<agent_id>001</agent_id>
<level>6</level>
<timeout>86400</timeout>
<repeated_offenders>2880,4320,5760</repeated_offenders>
</active-response>
<active-response>
<command>firewall-drop</command>
<location>defined_agent</location>
<agent_id>002</agent_id>
<level>6</level>
<timeout>86400</timeout>
<repeated_offenders>2880,4320,5760</repeated_offenders>
</active-response>
<active-response>
<command>firewall-drop</command>
<location>defined_agent</location>
<agent_id>003</agent_id>
<level>6</level>
<timeout>86400</timeout>
<repeated_offenders>2880,4320,5760</repeated_offenders>
</active-response>
Thanks.
--
---
You received this message because you are subscribed to the Google Groups
"ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/d/optout.
