Nice! I'll test this patch! /x
On Wed, May 27, 2015 at 6:37 PM, dan (ddp) <[email protected]> wrote: > On Wed, May 27, 2015 at 12:29 PM, Michael Starks > <[email protected]> wrote: > > On 05/27/2015 07:19 AM, Xavier Mertens wrote: > >> Hi Gil, > >> When I wrote this patch for OSSEC a long time ago (it was later > >> integrated into the main branch), my goal was not to create > >> "geolocalized" alerts. IMHO, to add this feature, it requires a lot of > >> patching because you need to define a new keyword to be used in alerts > >> like "srcip", "user", "data", etc... > >> But indeed, it could be a nice feature! Feel free to contribute to the > >> source code! :-) > > > > I think I saw Daniel Cid contribute something along these lines in his > > own repo recently. > > > > Link: > https://bitbucket.org/dcid/ossec-hids/commits/5c92a0ec09812bdba6adff1c2a6235eac6a4a46d > > It'd be great to have that (for people who use GeoIP). > > > -- > > > > --- > > You received this message because you are subscribed to the Google > Groups "ossec-list" group. > > To unsubscribe from this group and stop receiving emails from it, send > an email to [email protected]. > > For more options, visit https://groups.google.com/d/optout. > > -- > > --- > You received this message because you are subscribed to the Google Groups > "ossec-list" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > For more options, visit https://groups.google.com/d/optout. > -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
