Re: [ossec-list] Responses Configuration with multiple locations possible?

Sun, 22 Feb 2015 05:21:07 -0800 

Finally I could test it.

It dosn't work with multiple Targets like here:

  <active-response>
    <command>firewall-drop</command>
    <location>defined-agent</location>
    <agent_id>111,222</agent_id>
    <level>6</level>
    <timeout>600</timeout>
  </active-response>

In fact, it fires a notification but nothing happens to the firewall.

It does work by multiple <active-response> sections with individual 
<agent_id> sections like here:

  
<active-response>
    <command>firewall-drop</command>
    <location>defined-agent</location>
    <agent_id>111</agent_id>
    <level>6</level>
    <timeout>600</timeout>
  </active-response>

  <active-response>
    <command>firewall-drop</command>
    <location>defined-agent</location>
    <agent_id>222</agent_id>
    <level>6</level>
    <timeout>600</timeout>
  </active-response>



Unfortunately you'll get the notification then duplicated. :( But better 
than nothing!

Is there a chance to implement an array of agent_id's?


Am Montag, 26. Januar 2015 20:42:07 UTC+1 schrieb dan (ddpbsd):
>
> On Mon, Jan 26, 2015 at 2:40 PM, Oskar <[email protected] 
> <javascript:>> wrote: 
> > Thanks for the reply! 
> > 
> > If YOU don't know, who knows? ;) 
> > 
>
> Whoever tests it. Unfortunately it's not something I can currently test. 
> :-) 
>
> > I'll try it as soon as I have my test-environment ready and report back! 
> > 
> > Am Donnerstag, 22. Januar 2015 14:06:01 UTC schrieb dan (ddpbsd): 
> >> 
> >> 
> >> The documentation is unclear. Test multiple agents (probably 
> >> <agent_id>001,002,003</agent_id>) and report back! 
> >> 
> >> 
> > -- 
> > 
> > --- 
> > You received this message because you are subscribed to the Google 
> Groups 
> > "ossec-list" group. 
> > To unsubscribe from this group and stop receiving emails from it, send 
> an 
> > email to [email protected] <javascript:>. 
> > For more options, visit https://groups.google.com/d/optout. 
>

-- 

--- 
You received this message because you are subscribed to the Google Groups 
"ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to [email protected].
For more options, visit https://groups.google.com/d/optout.

Reply via email to