Hi All,
After I configured the active response on the OSSEC server for a Telegram bot to
send alerts, I successfully receive OSSEC server alerts, but I am unable to
receive OSSEC agent alerts.
(OSSEC server configuration)
> Ossec.conf
> <command>
> <name>send-event</name>
> <executable>sendEvent.sh</executable>
> <expect></expect>
> </command>
> <active-response>
> <disabled>no</disabled>
> <command>send-event</command>
> <location>local</location>
> <level>7</level>
> </active-response>
sendEvent.sh
> #!/bin/sh
> TOKEN="xxxxxx"
> CHAT_ID="xxxxxx"
> # Arguments OSSEC passes to an active-response script
> ACTION=$1
> USER=$2
> IP=$3
> ALERTID=$4
> RULEID=$5
> # Work from the active-response directory (one level above this script)
> LOCAL=$(dirname "$0")
> cd "$LOCAL"
> cd ../
> BASE=$(pwd)
> # Logging the call
> echo "$(date) $0 $1 $2 $3 $4 $5 $6 $7 $8" >> "${BASE}/../logs/active-responses.log"
> # Getting alert time (the part of the alert ID before the dot)
> ALERTTIME=$(echo "$ALERTID" | cut -d "." -f 1)
> # Getting end of alert (the counter after the dot)
> ALERTLAST=$(echo "$ALERTID" | cut -d "." -f 2)
> # Getting full alert
> #ALERT=`grep -A 5 "$ALERTIME" ${PWD}/../logs/alerts/alerts.log | grep -v ". $ALERTLAST :"`
> ALERT=$(grep -A 15 "$ALERTTIME" "${BASE}/../logs/alerts/alerts.log" | grep -v ".$ALERTLAST :" -A 15)
> # Send the alert text to the Telegram bot; --data-urlencode keeps "&" and "+" in the alert intact
> curl -s \
> -X POST \
> "https://api.telegram.org/bot$TOKEN/sendMessage" \
> --data-urlencode "text=$ALERT" \
> --data-urlencode "chat_id=$CHAT_ID"
(OSSEC agent configuration)
ar.conf
> restart-ossec0 - restart-ossec.sh - 0
> restart-ossec0 - restart-ossec.cmd - 0
> send-event0 - sendEvent.sh - 0
What did I miss?
You received this message because you are subscribed to the Google Groups
"ossec-list" group.
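An added example, not code from the original post: a small POSIX sh script that pulls exactly one alert out of alerts.log by the alert ID OSSEC passes to active-response scripts as $4, matching the full "** Alert <id>:" header rather than the bare timestamp (so two alerts logged in the same second are not mixed together), returning a logged error instead of an empty message when alerts.log is not readable on the host the response runs on, and handing the text to curl with --data-urlencode. The alerts.log content, token and chat id are constructed placeholders.

```shell
#!/bin/sh
# Added example, not from the original post. Pulls exactly one alert out of an
# OSSEC alerts.log by the alert ID that ossec passes to active-response scripts
# as $4 ("epochseconds.counter"), then hands it to the Telegram Bot API.
# Matching the full "** Alert <id>:" header instead of the bare timestamp keeps
# two alerts logged in the same second apart; --data-urlencode keeps "&" and
# "+" inside the alert text from being reinterpreted by the HTTP form encoding.

extract_alert() {
    # $1 = path to alerts.log, $2 = alert id. Prints the alert block (header
    # up to the next blank line); returns 1 if the log is not readable here.
    if [ ! -r "$1" ]; then
        echo "$(date) $0: cannot read $1 (wrong <location> for this script?)" >&2
        return 1
    fi
    awk -v id="$2" '
        $0 == "" { if (found) exit }
        index($0, "** Alert " id ":") == 1 { found = 1 }
        found { print }
    ' "$1"
}

send_telegram() {
    # $1 = bot token, $2 = chat id, $3 = message text (assumed Bot API call)
    curl -s -X POST "https://api.telegram.org/bot$1/sendMessage" \
        --data-urlencode "chat_id=$2" \
        --data-urlencode "text=$3"
}

# Constructed sample log: two alerts raised in the same second (1700000000).
SAMPLE_LOG=$(mktemp)
cat > "$SAMPLE_LOG" <<'EOF'
** Alert 1700000000.1234: - syslog,sshd,authentication_failed,
2023 Nov 14 22:13:20 (agent01) 10.0.0.5->/var/log/auth.log
Rule: 5716 (level 5) -> 'SSHD authentication failed.'
Src IP: 198.51.100.7
Nov 14 22:13:19 agent01 sshd[2211]: Failed password for invalid user admin from 198.51.100.7 port 4242 ssh2

** Alert 1700000000.5678: mail - syslog,sshd,authentication_failures,
2023 Nov 14 22:13:21 (agent01) 10.0.0.5->/var/log/auth.log
Rule: 5720 (level 10) -> 'Multiple SSHD authentication failures.'
Src IP: 198.51.100.7
Nov 14 22:13:20 agent01 sshd[2213]: Failed password for invalid user admin from 198.51.100.7 port 4243 ssh2
EOF

# Stand-alone demo: show the second alert; TOKEN/CHAT_ID are placeholders.
extract_alert "$SAMPLE_LOG" 1700000000.5678
# send_telegram "$TOKEN" "$CHAT_ID" "$(extract_alert "$SAMPLE_LOG" 1700000000.5678)"
```

Because the script reads alerts.log, it only produces a message on a host where that file exists; OSSEC's active-response `<location>` element decides which host runs the command, so that setting needs to match where the log lives.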