Hello, I am testing OSSEC in server/client mode. The feature I want to achieve is to run a script whenever the client loses connection with the server. I know that when this event happens the ossec.log file in the agent reports:
2015/06/12 16:11:57 ossec-agentd: WARN: Server unavailable. Setting lock.
2015/06/12 16:12:07 ossec-agentd(1218): ERROR: Unable to send message to server.
2015/06/12 16:12:19 ossec-agentd(1218): ERROR: Unable to send message to server.
2015/06/12 16:12:20 ossec-agentd(4101): WARN: Waiting for server reply (not started). Tried: '10.33.x.x'.

One way to do this would be to periodically monitor the log file and trigger a desired response if this message appears. However, this is prone to error. I was wondering if there is a better solution, or if OSSEC already provides any capability for this?

In a few words, I want to know of a good way to run a script on the client whenever the client loses connection with the server (similar to an Active Response, but on the client side when the connection is lost).

Thank you.
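
The log-watching approach described in the post, as an added example that is not part of the original message and not OSSEC's own code: it turns the agent log into one "down" event per outage, so the repeated "Unable to send message" retries do not fire the script again. The recovery message wording, the `transitions` and `run_on_disconnect` names, and the script argument are assumptions; the sample lines after the first four are constructed.

```python
import re
import subprocess

# Message taken from the log excerpt in the post.
DOWN = re.compile(r"ossec-agentd: WARN: Server unavailable\. Setting lock\.")
# Assumption: wording of the agent's recovery message; it is not shown in the post.
UP = re.compile(r"ossec-agentd: INFO: Server responded\. Releasing lock\.")
STAMP = re.compile(r"^(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) ")


def transitions(lines, connected=True):
    """Yield (timestamp, 'down'|'up') once per state change, not per log line."""
    for line in lines:
        m = STAMP.match(line)
        if not m:
            continue  # skip partial writes and lines without a timestamp
        if connected and DOWN.search(line):
            connected = False
            yield m.group(1), "down"
        elif not connected and UP.search(line):
            connected = True
            yield m.group(1), "up"


def run_on_disconnect(lines, script):
    """Run the hypothetical `script` (an argv list) once for each new outage."""
    for stamp, state in transitions(lines):
        if state == "down":
            subprocess.run(script + [stamp], check=False, timeout=60)


# Constructed sample: the post's four lines, then an assumed recovery and a second outage.
SAMPLE = [
    "2015/06/12 16:11:57 ossec-agentd: WARN: Server unavailable. Setting lock.",
    "2015/06/12 16:12:07 ossec-agentd(1218): ERROR: Unable to send message to server.",
    "2015/06/12 16:12:19 ossec-agentd(1218): ERROR: Unable to send message to server.",
    "2015/06/12 16:12:20 ossec-agentd(4101): WARN: Waiting for server reply (not started). Tried: '10.33.x.x'.",
    "2015/06/12 16:15:02 ossec-agentd: INFO: Server responded. Releasing lock.",
    "2015/06/12 16:40:11 ossec-agentd: WARN: Server unavailable. Setting lock.",
]

if __name__ == "__main__":
    for event in transitions(SAMPLE):
        print(event)
```

`lines` can be any iterable of log lines, so the same function works on a file object or on standard input fed by a log follower; log rotation and restarts of the watcher itself are not handled here.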
