On Wed, May 27, 2015 at 12:29 PM, Michael Starks <[email protected]> wrote: > On 05/27/2015 07:19 AM, Xavier Mertens wrote: >> Hi Gil, >> When I wrote this patch for OSSEC a long time ago (it was later >> integrated into the main branch), my goal was not to create >> "geolocalized" alerts. IMHO, to add this feature, it requires a lot of >> patching because you need to define a new keyword to be used in alerts >> like "srcip", "user", "data", etc... >> But indeed, it could be a nice feature! Feel free to contribute to the >> source code! :-) > > I think I saw Daniel Cid contribute something along these lines in his > own repo recently. >
Link: https://bitbucket.org/dcid/ossec-hids/commits/5c92a0ec09812bdba6adff1c2a6235eac6a4a46d It'd be great to have that (for people who use GeoIP). > -- > > --- > You received this message because you are subscribed to the Google Groups > "ossec-list" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > For more options, visit https://groups.google.com/d/optout. -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
