Hi Fabrice, as I wrote in the previous reply I found the issue with my
configuration (a missing dot in the value statement). I still get the
warning when the query does not return results but the violation gets
correctly triggered.
I can send you the debug lines anyway if you want
Ty
Il
Hello Cristian,
can you put the log of pfqueue in TRACE and retry , you will have more
debug to understand what happen.
Edit conf/log/conf.d/pfqueue.conf
### pfqueue logger ###
log4perl.rootLogger = TRACE, QUEUE_SYSLOG
Regards
Fabrice
Le 2017-08-07 à 09:23, Cristian Mammoli via
It turns out (at least in my checks) that value is matched with a
regexp. Indeed using ".*" instead of "*" works. I don't get why the
scan "FireWall" which is shipped by Packetfence is configured this way:
[firewall]
attribute = Name
operator = match
value = *
Il 07/08/2017 15:23, Cristian
Hi, this is pretty trivial I think but I didn't find a way to make it work.
I want to trigger a violation when a client has no antivirus installed,
i configured a wmi rule like this:
[custom_Antivirus]
request=select * from AntiVirusProduct
namespace=ROOT\SecurityCenter2
action=
