Hi *,
I'm trying to implement a new active-response rule for a specific event (1
rule ID).
It must be implement with the <repeated_offenders> tag.
Problem: I've multiple active-response rules matching this event and it
seems that OSSEC picks up the wrong one (repeater offenders are not
applied).
Any idea to debug this? The rule is:
<active-response>
<command>firewall-drop-aggressive</command>
<location>local</location>
<timeout>600</timeout>
<rules_id>xxx</rules_id>
<repeated_offenders>30,60,120,240,480</repeated_offenders>
</active-response>
/x
--
---
You received this message because you are subscribed to the Google Groups
"ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/d/optout.
