Not sure if the issue was solved, but we had a similar problem, where the
issue was with our access lists. The udp logs would be sent to the OSSEC
server but no udp packets could be sent back to the client, so no reaction
was sent. Is a response packet sent by OSSEC?
Hope that helps!
Le lundi
On Mon, Jul 3, 2017 at 10:26 PM, Tunguyen wrote:
> I've checked the ossec.conf on server side and agent side, those are all the
> same as yours
> Here is the agent side:
>
> 20,40,60
>
>
> And the server side is same as above, except that i add
> like this:
>
ossec.conf on the AGENT side, forgot to mention!
Den måndag 3 juli 2017 kl. 12:14:30 UTC+2 skrev Fredrik Hilmersson:
>
> Hey, I had a similar issue with the active response not working as
> intended. The way I solved it was to add the following to the ossec.conf
>
>
>
>
>
>ossec-server
>
Hey, I had a similar issue with the active response not working as
intended. The way I solved it was to add the following to the ossec.conf
ossec-server
30,60,120,240,480
no
kind regards,
Fredrik
Den måndag 3 juli 2017 kl. 12:05:36 UTC+2 skrev Tunguyen:
>
> My rule