OK, the problem was that I thought that <location>all</location>, as stated
in the doc, would execute the command everywhere (meaning on all the agents
& the server).
But "all" means all the agents except the server.
In order to execute the command on all the agents and the server, I had to
duplicate the active-response:
<active-response>
  <command>host-deny</command>
  <location>all</location>
  <level>6</level>
  <timeout>600</timeout>
</active-response>
<active-response>
  <command>firewall-drop</command>
  <location>all</location>
  <level>6</level>
  <timeout>600</timeout>
</active-response>
<active-response>
  <command>host-deny</command>
  <location>server</location>
  <level>6</level>
  <timeout>600</timeout>
</active-response>
<active-response>
  <command>firewall-drop</command>
  <location>server</location>
  <level>6</level>
  <timeout>600</timeout>
</active-response>
Thank you again for your help, Dan.
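
Added example (not part of the original message and not OSSEC project code): a small Python check that, taking the behaviour described in this post as given (location "all" does not cover the server), lists the active-response commands that have an "all" block but no "server" block. SAMPLE_CONF is constructed, the function names are hypothetical, and the file is assumed to carry no XML declaration.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed sample: the two "all" blocks from the post, plus a "server"
# copy for only one of the commands.
SAMPLE_CONF = """
<ossec_config>
  <active-response>
    <command>host-deny</command>
    <location>all</location>
    <level>6</level>
    <timeout>600</timeout>
  </active-response>
  <active-response>
    <command>firewall-drop</command>
    <location>all</location>
    <level>6</level>
    <timeout>600</timeout>
  </active-response>
  <active-response>
    <command>firewall-drop</command>
    <location>server</location>
    <level>6</level>
    <timeout>600</timeout>
  </active-response>
</ossec_config>
"""

def locations_by_command(conf_text):
    """Map each active-response command name to the set of its <location> values."""
    # ossec.conf may hold several <ossec_config> blocks, so wrap it in one root.
    root = ET.fromstring("<root>" + conf_text + "</root>")
    seen = defaultdict(set)
    for ar in root.iter("active-response"):
        command = (ar.findtext("command") or "").strip()
        location = (ar.findtext("location") or "").strip().lower()
        if command and location:
            seen[command].add(location)
    return dict(seen)

def missing_on_server(conf_text):
    """Commands with an 'all' block but no 'server' block (hypothetical helper)."""
    seen = locations_by_command(conf_text)
    return sorted(c for c, locs in seen.items() if "all" in locs and "server" not in locs)

if __name__ == "__main__":
    for command in missing_on_server(SAMPLE_CONF):
        print(f"{command}: location 'all' but no 'server' block")
```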