On Sep 23, 2014 4:47 AM, "Chard" <[email protected]> wrote:
>
> Hi,
>
> Could someone help clear up the use of active-response for me? I understand that it can be used to kick off a script when a certain alert fires. But is it needed for getting emails from all alerts in real-time, do I need to set up a command for each rule ID?
>

Active response is not necessary for email alerts? What part of the documentation gave you that idea? I would love to make it more clear.

> E.g.
>
> <active-response>
>   <command>mail</command>
>   <location>server</location>
>   <rules_id>1000,1001,1002,1003....</rules_id>
> </active-response>
>
> Thanks.
