On Fri, Jun 3, 2016 at 2:20 PM, Jacob Mcgrath <[email protected]> wrote:
>
> With this it still hits the 1002 rule
>
>
> <group name="ping-servers">
>   <rule id="100010" level="0">
>     <decoded_as>pingserv</decoded_as>
>     <description>Grouping For Server Ping Group</description>
>   </rule>
>
>   <rule id="100011" level="1">
>     <if_sid>100010</if_sid>
>     <action>FAILURE</action>
>     <description> FAILURE</description>
>   </rule>
> </group>
>
if_sid 1002 then. I'm not sure what else to try, except for me to blow away my install and install whichever version you're using.

>
> On Thursday, June 2, 2016 at 6:48:13 AM UTC-5, Jacob Mcgrath wrote:
>>
>> Was wondering on the best route/option to accomplish this?
>>
>>
>> (similar to the USB storage detection)
>>
>> Was thinking about a batch or bash that would ping servers from a list to
>> a file. That every so many minutes this
>> file would be overwritten with the new results.
>>
>> If the results "differ" from the last log the alert would be triggered.
>>
>>
>> (other option)
>>
>> Run script as scheduled task, write to log then monitor log like a syslog.
>> Regex for the failed pings. Then alerts.
>>
>>
>> Curious if any had tried and found either way better?
>
> --
>
> ---
> You received this message because you are subscribed to the Google Groups
> "ossec-list" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to [email protected].
> For more options, visit https://groups.google.com/d/optout.
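
The second option from the original question (a scheduled script that writes a log for OSSEC to monitor), as an added example that is not part of the thread. The log line format, the default file paths, the `PING_CMD` override and the `INVALID` status are assumptions; only the `pingserv` name and the `FAILURE` keyword come from the rules quoted above.

```shell
#!/bin/sh
# Added example: ping each host in a list and append one syslog-style line
# per host to a log file that an OSSEC <localfile> entry can monitor.
# Assumed (not from the thread): line format, default paths, PING_CMD hook.

HOSTS_FILE="${HOSTS_FILE:-/etc/pingserv/hosts.txt}"   # one host per line
LOG_FILE="${LOG_FILE:-/var/log/pingserv.log}"
PING_CMD="${PING_CMD:-ping -c 1 -W 2}"                # Linux iputils flags

# Accept only hostname/IP characters so a list entry can never be
# interpreted as a ping option or as shell syntax.
valid_host() {
    case "$1" in
        ''|-*|*[!A-Za-z0-9.:_-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Print one log line: "<timestamp> <hostname> pingserv: <target> <STATUS>"
check_host() {
    target="$1"
    if ! valid_host "$target"; then
        status="INVALID"
    elif $PING_CMD "$target" >/dev/null 2>&1; then
        status="SUCCESS"
    else
        status="FAILURE"
    fi
    printf '%s %s pingserv: %s %s\n' \
        "$(date '+%b %d %H:%M:%S')" "$(uname -n)" "$target" "$status"
}

# Read the host list, skip blank lines and comments, append results to the log.
run_checks() {
    while IFS= read -r host || [ -n "$host" ]; do
        case "$host" in ''|'#'*) continue ;; esac
        check_host "$host" >>"$LOG_FILE"
    done <"$HOSTS_FILE"
}

# Run the checks only when invoked with "run" (keeps the functions sourceable).
if [ "${1:-}" = "run" ]; then
    run_checks
fi
```

Scheduled from cron with the `run` argument, this appends to the log rather than overwriting it, so each FAILURE line is seen once by the log monitor.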
