Re: [ossec-list] Active response on server not working

2016-10-22 Thread Herman Harperink
Confirmed, this works. Thank you! On Friday, 21 October 2016, dan (ddp) wrote: > On Fri, Oct 21, 2016 at 6:38 AM, Herman Harperink > > wrote: > > I've been testing this, doesn't work. > > > > Here's what's working for me: > >

Re: [ossec-list] Active response on server not working

2016-10-21 Thread dan (ddp)
On Fri, Oct 21, 2016 at 6:38 AM, Herman Harperink wrote: > I've been testing this, doesn't work. > Here's what's working for me: firewall-drop all 5712,5718 firewall-drop server 5712,5718 > On Wednesday, October 19, 2016 at

Re: [ossec-list] Active response on server not working

2016-10-21 Thread Herman Harperink
I've been testing this, doesn't work. On Wednesday, October 19, 2016 at 6:25:33 PM UTC+2, Herman Harperink wrote: > > Due to some other obligations I am unable to spend much time on this atm. > Thanks for your efforts. I might have some time tomorrow, if I am able to > complete my current task

Re: [ossec-list] Active response on server not working

2016-10-19 Thread Herman Harperink
Due to some other obligations I am unable to spend much time on this atm. Thanks for your efforts. I might have some time tomorrow, if I am able to complete my current task :-) -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe

Re: [ossec-list] Active response on server not working

2016-10-17 Thread Herman Harperink
That didn't work. Have to try something else.

Re: [ossec-list] Active response on server not working

2016-10-17 Thread dan (ddp)
On Mon, Oct 17, 2016 at 9:02 AM, Herman Harperink wrote: >> Been testing a little more with this. With all all >> agents get updated, except for the server. On the server AR just does not >> work like that. > > Of course, with local it works on the server. > > So,

Re: [ossec-list] Active response on server not working

2016-10-17 Thread Herman Harperink
> > Been testing a little more with this. With all all > agents get updated, except for the server. On the server AR just does not > work like that. > Of course, with local it works on the server. So, when you want to protect all your agents from the same attackers, you'll be left with a

Re: [ossec-list] Active response on server not working

2016-10-16 Thread Herman Harperink
host-deny all 6 86400 firewall-drop all 6 86400

Re: [ossec-list] Active response on server not working

2016-10-15 Thread dan (ddp)
On Oct 15, 2016 10:51 AM, "Herman Harperink" wrote: > > I've found that AR is working on my agents, but not on my server. AR is set to ALL on my server. > Did I miss something? > > Version 2.8.3 on Debian. AR log on the server is empty, but not on my agents. > Should I