On Wed, Jan 21, 2015 at 4:34 PM, Oskar <[email protected]> wrote:
> Hello,
>
> after having a major issue with ossec, a few years ago, I'll give it another
> try.
>
> We're running 7 physical hosts as a cluster. Within our cluster we have
> openvz containers. The plan is, creating a container as the ossec-Server.
> All others, the virtual and physical hosts shall run the agent.
>
> If the server gets triggered from an agent, the active response (which is
> usually blocking the attacking host) should be executed only on all physical
> hosts, not on the virtual hosts.
>
> As I see, there's the <location> tag within the <active-response>. With
> setting "defined-agent" within location, is it possible to give <agent_id> a
> list of agents? If not, is there already a way to do it like this, which I
> didn't find so far?
>

The documentation is unclear. Test multiple agents (probably <agent_id>001,002,003</agent_id>) and report back!

> Thanks in advance,
>
> Oskar
>
> --
>
> ---
> You received this message because you are subscribed to the Google Groups
> "ossec-list" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to [email protected].
> For more options, visit https://groups.google.com/d/optout.
