Thanks Daniel for incorporating the patch for geoip. Xme, roughly when would you think the geoip features will be made available in a stable release?
Gil Vidals

On Tuesday, May 26, 2015 at 2:53:56 PM UTC-7, Gil Vidals wrote:
>
> Since OSSEC has support for incorporating geoip, is there a way to include
> rules that are based on country code? I couldn't find any instructions in
> the manual for doing so. There are some custom rules I wrote that would be
> enhanced and triggered only for certain countries.
>
> I understand that the geoip library has to be enabled; however, I couldn't
> find whether rules can be written based on country or city codes that geoip
> would return.
>
> <ossec_config>
>   <global>
>     <!-- to specify GeoIP database file location -->
>     <geoip_db_path>/etc/GeoLiteCity.dat</geoip_db_path>
>     <geoip6_db_path>/etc/GeoLiteCityv6.dat</geoip6_db_path>
>   </global>
>
>   <alerts>
>     <!-- to add GeoIP info in alerts -->
>     <use_geoip>yes</use_geoip>
>   </alerts>
> </ossec_config>
>
> Gil Vidals
