When rule 550 or 554 is hit with ANY agent as the source, the command below is
executing on agent 19.
As I understand AR, the command should only be executing on agent 19 when rule
550 or 554 is hit *with agent 19 as the origin*
Is this a bug or a misunderstanding on my part somewhere?
Config piece:
<active-response>
<command>test-it</command>
<location>defined-agent</location>
<agent_id>019</agent_id>
<rules_id>550,554</rules_id>
</active-response>
--
---
You received this message because you are subscribed to the Google Groups
"ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/d/optout.
