On Sun, Feb 22, 2015 at 5:56 AM, Oskar <[email protected]> wrote: > Finally I could test it. > > It dosn't work with multiple Targets like here: > > <active-response> > <command>firewall-drop</command> > <location>defined-agent</location> > <agent_id>111,222</agent_id> > <level>6</level> > <timeout>600</timeout> > </active-response> > > In fact, it fires a notification but nothing happens to the firewall. > > It does work by multiple <active-response> sections with individual > <agent_id> sections like here: > > > <active-response> > <command>firewall-drop</command> > <location>defined-agent</location> > <agent_id>111</agent_id> > <level>6</level> > <timeout>600</timeout> > </active-response> > > <active-response> > <command>firewall-drop</command> > <location>defined-agent</location> > <agent_id>222</agent_id> > <level>6</level> > <timeout>600</timeout> > </active-response> > > > > Unfortunately you'll get the notification then duplicated. :( But better > than nothing! > > Is there a chance to implement an array of agent_id's? >
Code it up and submit a pull request, I'm sure we can get it in. > > Am Montag, 26. Januar 2015 20:42:07 UTC+1 schrieb dan (ddpbsd): >> >> On Mon, Jan 26, 2015 at 2:40 PM, Oskar <[email protected]> wrote: >> > Thanks for the reply! >> > >> > If YOU don't know, who knows? ;) >> > >> >> Whoever tests it. Unfortunately it's not something I can currently test. >> :-) >> >> > I'll try it as soon as I have my test-environment ready and report back! >> > >> > Am Donnerstag, 22. Januar 2015 14:06:01 UTC schrieb dan (ddpbsd): >> >> >> >> >> >> The documentation is unclear. Test multiple agents (probably >> >> <agent_id>001,002,003</agent_id>) and report back! >> >> >> >> >> > -- >> > >> > --- >> > You received this message because you are subscribed to the Google >> > Groups >> > "ossec-list" group. >> > To unsubscribe from this group and stop receiving emails from it, send >> > an >> > email to [email protected]. >> > For more options, visit https://groups.google.com/d/optout. > > -- > > --- > You received this message because you are subscribed to the Google Groups > "ossec-list" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > For more options, visit https://groups.google.com/d/optout. -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
