Confirmed, this works.
Thank you!
On Friday, 21 October 2016, dan (ddp) wrote:
> On Fri, Oct 21, 2016 at 6:38 AM, Herman Harperink
> > wrote:
> > I've been testing this, doesnt work.
> >
>
> Here's what's working for me:
>
>
On Fri, Oct 21, 2016 at 6:38 AM, Herman Harperink
wrote:
> I've been testing this, doesnt work.
>
Here's what's working for me:
firewall-drop
all
5712,5718
firewall-drop
server
5712,5718
> On Wednesday, October 19, 2016 at
I've been testing this, doesnt work.
On Wednesday, October 19, 2016 at 6:25:33 PM UTC+2, Herman Harperink wrote:
>
> Due to some other obligations I am unable to spen much time on this atm.
> Thanks for your efforts. I might have some time tomorrow, if I am able to
> complete my current task
Due to some other obligations I am unable to spen much time on this atm. Thanks
for your efforts. I might have some time tomorrow, if I am able to complete my
current task :-)
--
---
You received this message because you are subscribed to the Google Groups
"ossec-list" group.
To unsubscribe
That didn't work. Have to try something else.
--
---
You received this message because you are subscribed to the Google Groups
"ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to ossec-list+unsubscr...@googlegroups.com.
For more options,
On Mon, Oct 17, 2016 at 9:02 AM, Herman Harperink
wrote:
>> Been testing a little more with this. With all all
>> agents get updated, except for the server. On the server AR just does not
>> work like that.
>
> Offcourse, with local it works on the server.
>
> So,
>
> Been testing a little more with this. With all all
> agents get updated, except for the server. On the server AR just does not
> work like that.
>
Offcourse, with local it works on the server.
So, when you want to protect all your agents from the same attackers,
you'll be left with a
host-deny
all
6
86400
firewall-drop
all
6
86400
--
---
You received this message because you are subscribed to the Google Groups
"ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to
On Oct 15, 2016 10:51 AM, "Herman Harperink"
wrote:
>
> I've found that AR is working on my agents, but not on my server. AR is
set to ALL on my server.
> Did I miss something?
>
> Version 2.8.3 on Debian. AR log on the server is empty, but not on my
agents.
> Should I
I've found that AR is working on my agents, but not on my server. AR is set to
ALL on my server.
Did I miss something?
Version 2.8.3 on Debian. AR log on the server is empty, but not on my agents.
Should I have installed the server in hybrid mode?
Thanks.
--
---
You received this message
Hi,
It seems to me that active response doesn't work on the Ossec server as soon as
you add an agent. I can't find any docs on this. Is this normal, should the
Ossec server run in hybrid mode to get this working?
I've tested this with 2.8.3. After installing the server AR did work on the
Weird... Just curious, how did you figure it out?
On Tue, May 26, 2015 at 10:29 AM, Xavier Mertens xmert...@gmail.com wrote:
FYI, my problem has been solved by reformating the comment in the
active-response section:
Changed from:
!-- comment --
To:
!-- comment
--
Bug?
/x
On
FYI, my problem has been solved by reformating the comment in the
active-response section:
Changed from:
!-- comment --
To:
!-- comment
--
Bug?
/x
On Fri, May 22, 2015 at 3:22 AM, Santiago Bassett
santiago.bass...@gmail.com wrote:
Not sure if this is of any help, but try to run
Hi,
I don't often write to the group (I'm following it closely) but today, I've
a question...
I'd like to trigger an Active-Response script on the _server_ for _any_
alert (ex with level 10).
I don't want to deply the script on all agents.
At the moment, here is my active-response config (for
14 matches
Mail list logo