On Mon, Feb 5, 2018 at 5:54 AM, <[email protected]> wrote:
> Hi all!
>
> After ossec agent restart (on weekly cron job or random) banned IPs are
> deleted from iptables. Is this normal? Can I disable this?
>
> Ossec tried deleting about 40000 IPs after restarts and load goes through
> the roof.

This is normal. I don't know why it does this for sure, but I think OSSEC doesn't want to be responsible for tracking these blocks across restarts. If you're interested in adding a knob for this, you can submit a pull request at https://github.com/ossec/ossec-hids

> Thank you,
> ante
>
> --
>
> ---
> You received this message because you are subscribed to the Google Groups
> "ossec-list" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to [email protected].
> For more options, visit https://groups.google.com/d/optout.
