On Fri, May 29, 2015 at 2:06 AM, Gil Vidals <[email protected]> wrote:
> Thanks Daniel for incorporating the patch for geoip. Xme, roughly when would
> you think the geoip features will be made available in a stable release?
>

I'm neither of those people, but the soonest this should get released is 3.0.
That assumes someone submits a pull request, and things are properly tested.

> Gil Vidals
>
>
> On Tuesday, May 26, 2015 at 2:53:56 PM UTC-7, Gil Vidals wrote:
>>
>> Since OSSEC has support for incorporating geoip, is there a way to include
>> rules that are based on country code? I couldn't find any instructions in
>> the manual for doing so. There are some custom rules I wrote that would be
>> enhanced and triggered only for certain countries.
>>
>> I understand that the geoip library has to be enabled; however, I couldn't
>> find whether rules can be written based on country or city codes that geoip
>> would return.
>>
>> <ossec_config>
>>   <global>
>>     <!-- to specify GeoIP database file location -->
>>     <geoip_db_path>/etc/GeoLiteCity.dat</geoip_db_path>
>>     <geoip6_db_path>/etc/GeoLiteCityv6.dat</geoip6_db_path>
>>   </global>
>>
>>   <alerts>
>>     <!-- to add GeoIP info in alerts -->
>>     <use_geoip>yes</use_geoip>
>>   </alerts>
>> </ossec_config>
>>
>>
>> Gil Vidals

--

---
You received this message because you are subscribed to the Google Groups "ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [email protected].
For more options, visit https://groups.google.com/d/optout.
