On Fri 2.Sep'16 at 7:37:24 -0400, dan (ddp) wrote:
> On Fri, Sep 2, 2016 at 7:07 AM, C. L. Martinez <[email protected]> wrote:
> > Hi all,
> >
> > Is it posible to assign multiple agent_id for one active reponse only?
> > Example:
> >
> > <active-response>
> > <command>firewall-drop</command>
> > <location>defined-agent</location>
> > <agent_id>003,004</agent_id>
> > <level>7</level>
> > <timeout>86400</timeout>
> > <repeated_offenders>2880,4320,5760</repeated_offenders>
> > </active-response>
> >
> > Thanks.
> >
>
> Have you tried it? I can't remember for sure, but I feel like you can't.
>
Well, I have inserted these lines in ossec.conf's sever manager and restart it.
There is no error in ossec.log. But, how can I test it? If it doesn't works,
could this config be ok?
<active-response>
<command>firewall-drop</command>
<location>defined-agent</location>
<agent_id>003</agent_id>
<level>7</level>
<timeout>86400</timeout>
<repeated_offenders>2880,4320,5760</repeated_offenders>
</active-response>
<active-response>
<command>firewall-drop</command>
<location>defined-agent</location>
<agent_id>004</agent_id>
<level>7</level>
<timeout>86400</timeout>
<repeated_offenders>2880,4320,5760</repeated_offenders>
</active-response>
--
Greetings,
C. L. Martinez
--
---
You received this message because you are subscribed to the Google Groups
"ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/d/optout.
