Hi,
Could someone help clear up the use of active-response for me? I
understand that it can be used to kick off a script when a certain alert
fires. But is it needed for getting emails from all alerts in real-time? Do
I need to set up a command for each rule ID?
*E.g.*
<active-response>
<command>mail</command>
<location>server</location>
<rules_id>1000,1001,1002,1003....</rules_id>
</active-response>
Thanks.