[ossec-list] Re: Rule fired but active-response didn't work

Not sure if the issue was solved, but we had a similar problem, where the issue was with our access lists. The udp logs would be sent to the OSSEC server but no udp packets could be sent back to the client, so no reaction was sent. Is a response packet sent by OSSEC? Hope that helps! Le lundi

Re: [ossec-list] Re: Rule fired but active-response didn't work

On Mon, Jul 3, 2017 at 10:26 PM, Tunguyen wrote: > I've checked the ossec.conf on server side and agent side, those are all the > same as yours > Here is the agent side: > > 20,40,60 > > > And the server side is same as above, except that i add > like this: >

[ossec-list] Re: Rule fired but active-response didn't work

ossec.conf on the AGENT side, forgot to mention! Den måndag 3 juli 2017 kl. 12:14:30 UTC+2 skrev Fredrik Hilmersson: > > Hey, I had a similar issue with the active response not working as > intended. The way I solved it was to add the following to the ossec.conf > > > > > >ossec-server >

[ossec-list] Re: Rule fired but active-response didn't work

Hey, I had a similar issue with the active response not working as intended. The way I solved it was to add the following to the ossec.conf ossec-server 30,60,120,240,480 no kind regards, Fredrik Den måndag 3 juli 2017 kl. 12:05:36 UTC+2 skrev Tunguyen: > > My rule