Hello,

after having a major issue with ossec a few years ago, I'll give it another try.

We're running 7 physical hosts as a cluster. Within our cluster we have openvz containers. The plan is to create a container as the ossec-Server. All others, the virtual and physical hosts, shall run the agent. If the server gets triggered from an agent, the active response (which is usually blocking the attacking host) should be executed only on all physical hosts, not on the virtual hosts.

As I see, there's the <location> tag within the <active-response>. With setting "defined-agent" within location, is it possible to give <agent_id> a list of agents? If not, is there already a way to do it like this, which I didn't find so far?

Thanks in advance,
Oskar
