Re: [ossec-list] Active response on server not working

Confirmed, this works. Thank you! On Friday, 21 October 2016, dan (ddp) <ddp...@gmail.com> wrote: > On Fri, Oct 21, 2016 at 6:38 AM, Herman Harperink > <herman.harper...@gmail.com <javascript:;>> wrote: > > I've been testing this, doesnt work. > &

Re: [ossec-list] Active response on server not working

I've been testing this, doesnt work. On Wednesday, October 19, 2016 at 6:25:33 PM UTC+2, Herman Harperink wrote: > > Due to some other obligations I am unable to spen much time on this atm. > Thanks for your efforts. I might have some time tomorrow, if I am able to > complete my

Re: [ossec-list] Active response on server not working

Due to some other obligations I am unable to spen much time on this atm. Thanks for your efforts. I might have some time tomorrow, if I am able to complete my current task :-) -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe

Re: [ossec-list] Active response on server not working

That didn't work. Have to try something else. -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+unsubscr...@googlegroups.com. For more options,

Re: [ossec-list] Active response on server not working

> > Been testing a little more with this. With all all > agents get updated, except for the server. On the server AR just does not > work like that. > Offcourse, with local it works on the server. So, when you want to protect all your agents from the same attackers, you'll be left with a

Re: [ossec-list] Active response on server not working

host-deny all 6 86400 firewall-drop all 6 86400 -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to

[ossec-list] Test

Posted two times here, don't see my posts. Please ignore / delete. -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+unsubscr...@googlegroups.com.

[ossec-list] Active response on server not working

I've found that AR is working on my agents, but not on my server. AR is set to ALL on my server. Did I miss something? Version 2.8.3 on Debian. AR log on the server is empty, but not on my agents. Should I have installed the server in hybrid mode? Thanks. -- --- You received this message

[ossec-list] Active response on server

Hi, It seems to me that active response doesn't work on the Ossec server as soon as you add an agent. I can't find any docs on this. Is this normal, should the Ossec server run in hybrid mode to get this working? I've tested this with 2.8.3. After installing the server AR did work on the

Re: [ossec-list] Filter out dynamic dns hostnames

I know that, but maybe somebody know a way around that. Thats why I ask.There is always a way, and I will find it :-) Thanks. On Wed, Aug 3, 2016 at 4:16 PM, dan (ddp) <ddp...@gmail.com> wrote: > On Wed, Aug 3, 2016 at 9:07 AM, Herman Harperink > <herman.harper...@gmail.com>

[ossec-list] Filter out dynamic dns hostnames

Hi all, Can somebody hint me in the right direction on this? I have two dynamic hosts with a ddns hostname and I don't want those to trigger events. But I can't find a way to do that anywhere. Thanks in advance. Herman -- --- You received this message because you are subscribed to the

[ossec-list] Re: Custom rule troubles

Got it running with the following: 31530 web-accesslog zabbix/zabbix.php Ignore all zabbix views This is fun :-) -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails

[ossec-list] Custom rule troubles

Hi all, and thanks for reading. I am new to ossec, however, I've got my system up and running without any problems. Now I have to finetune it for my network, and here is where my troubles start. I am getting alerts that I need to ignore. Most local rules work fine, but one alert is giving me

Re: [ossec-list] OSSEC-Server Upgrade to 2.7.1 - Missing interface to add new agents

Thanks from Germany too, 2 years later :-) I ran into the same problem today but got it fixed thanks to this thread. On Wednesday, January 8, 2014 at 3:29:25 PM UTC+1, dan (ddpbsd) wrote: > > On Wed, Jan 8, 2014 at 5:17 AM, Georg Schönberger > wrote: > > Am Mittwoch, 8.