On Wed, Jun 28, 2017 at 12:21 PM, Guy Or <[email protected]> wrote: >> It doesnt work, a real shame... It will only work if you dont have spaces >> in your log line. > > This is really really really annoying lol... all that is needed is to wrap > with ' ' the argument (log line with spaces and all sort of characters) when > you pass it to the active response script (works when I manually run it) > but I as a user cannot do that its ossec's code.... also why limit the > argumets to srcip and user? what are the other parameters for (extra_data > etc....) just logging it seems and some rule filtering which kills the level > of logic you can have in the active response script. > > > Maybe in ossec 3.......
You can submit a pull request at https://github.com/ossec/ossec-hids Thanks a lot! >> >> > > > > -- > > --- > You received this message because you are subscribed to the Google Groups > "ossec-list" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > For more options, visit https://groups.google.com/d/optout. -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
