On Thu, Nov 1, 2018 at 4:25 AM <[email protected]> wrote:
>
> Hi All,
> After I configured the active-response on the ossec server for a telegram bot to
> send alerts, it successfully receives ossec server alerts, but it is unable to
> receive ossec agent alerts.
>
> (Ossec Server configuration)
> Ossec.conf
>>
>> <command>
>>   <name>send-event</name>
>>   <executable>sendEvent.sh</executable>
>>   <expect></expect>
>> </command>
>>
>> <active-response>
>>   <disabled>no</disabled>
>>   <command>send-event</command>
>>   <location>local</location>
>>   <level>7</level>
>> </active-response>
>
> sendEvent.sh
>
> TOKEN="xxxxxx"
> CHAT_ID="xxxxxx"
> ACTION=$1
> USER=$2
> IP=$3
> ALERTID=$4
> RULEID=$5
> LOCAL=`dirname $0`;
> cd $LOCAL
> cd ../
> PWD=`pwd`
> # Logging the call
> echo "`date` $0 $1 $2 $3 $4 $5 $6 $7 $8" >> ${PWD}/../logs/active-responses.log
> # Getting alert time
> ALERTTIME=`echo "$ALERTID" | cut -d "." -f 1`
> # Getting end of alert
> ALERTLAST=`echo "$ALERTID" | cut -d "." -f 2`
> # Getting full alert
> #ALERT='grep -A 5 "$ALERTIME" ${PWD} /../logs/alerts/alerts.log | grep -v ". $ALERTLAST :"'
> ALERT=`grep -A 15 "$ALERTTIME" ${PWD}/../logs/alerts/alerts.log | grep -v ".$ALERTLAST :" -A 15 `
> curl -s \
>   -X POST \
>   https://api.telegram.org/bot$TOKEN/sendMessage \
>   -d text="$ALERT" \
>   -d chat_id=$CHAT_ID
>
> Ossec Agent server
> ar.conf
>>
>> restart-ossec0 - restart-ossec.sh - 0
>> restart-ossec0 - restart-ossec.cmd - 0
>> send-event0 - sendEvent.sh - 0
>
> What did I miss?
>
Is sendEvent.sh executable? Does anything get logged to
active-responses.log? Is ossec-execd running on the agent and server?
Is ossec-monitord running on the server?

> --
>
> ---
> You received this message because you are subscribed to the Google Groups
> "ossec-list" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to [email protected].
> For more options, visit https://groups.google.com/d/optout.
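
The checks asked about in the reply, collected into one script to run on the agent and on the server. This is an added example, not part of the thread or of OSSEC's own tooling; it assumes the install root is /var/ossec unless given, that the script lives in active-response/bin, and that the agent's ar.conf is at etc/shared/ar.conf. The function names are hypothetical.

```shell
#!/bin/sh
# Added example: run the reply's checks against an OSSEC install.
# Assumptions: install root is $1 (default /var/ossec); the script sits in
# active-response/bin; the agent's ar.conf is etc/shared/ar.conf.

AR_SCRIPT="sendEvent.sh"

# 0 if the active-response script exists and is executable.
check_executable() {
    [ -f "$1/active-response/bin/$AR_SCRIPT" ] &&
        [ -x "$1/active-response/bin/$AR_SCRIPT" ]
}

# 0 if the script has logged at least one call to active-responses.log.
check_logged() {
    [ -r "$1/logs/active-responses.log" ] &&
        grep -q "$AR_SCRIPT" "$1/logs/active-responses.log"
}

# 0 if the ar.conf present on the agent names the script.
check_ar_conf() {
    [ -r "$1/etc/shared/ar.conf" ] &&
        grep -q -- "- $AR_SCRIPT -" "$1/etc/shared/ar.conf"
}

# 0 if a process with exactly this name is running.
check_daemon() {
    pgrep -x "$1" >/dev/null 2>&1
}

# Print PASS/FAIL per check; return the number of failed checks.
# $1 = install root, $2 = "agent" or "server".
ar_check() {
    home=${1:-/var/ossec}; role=${2:-agent}; fails=0
    report() {
        if "$@"; then echo "PASS: $*"; else echo "FAIL: $*"; fails=$((fails + 1)); fi
    }
    report check_executable "$home"
    report check_logged "$home"
    [ "$role" = agent ] && report check_ar_conf "$home"
    report check_daemon ossec-execd
    [ "$role" = server ] && report check_daemon ossec-monitord
    return "$fails"
}
```

Source the file and call `ar_check /var/ossec agent` on the agent and `ar_check /var/ossec server` on the server; a non-zero return is the count of failed checks.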
