[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[ossec-dev] Re: active response development
- To: ossec-dev@xxxxxxxxxxxxxxxx
- Subject: [ossec-dev] Re: active response development
- From: "Daniel Cid" <dcid@xxxxxxxxx>
- Date: Sat, 28 Jul 2007 00:01:39 -0300
- Content-disposition: inline
- Content-transfer-encoding: 7bit
Hi John,
I wrote a small article on the wiki on how to write your own active
response scripts. It should help you get started:
http://www.ossec.net/wiki/index.php/Know_How:CustomActiveResponses
*I was going to write it all in the e-mail, but in the wiki its more organized.
*no, ossec does not have much debugging for the active responses, but this is
something that we need to improve in the future.
Thanks,
--
Daniel B. Cid
dcid ( at ) ossec.net
On 7/27/07, John Ives <jives@xxxxxxxxxxxxxxxxxxxxx> wrote:
>
>
> I am looking for more information on writing my own active active response
> scripts. Specifically, I would like to see examples of the data that is
> passed to the script, any perl example scripts, debugging information (eg
> does ossec have any functions for printing out what it did and if any
> messages where sent back in return), etc. I have a couple active response
> script projects that I am considering and, if I can get them to work, I
> will be happy to share them with others.
>
> Thanks,
>
> John
>
>
> -------------------------------------------------------------------------
> John Ives Phone (510) 642-7773
> System & Network Security Cell (510) 229-8676
> University of California, Berkeley
> -------------------------------------------------------------------------
>
OSSEC home |
Main Index |
Thread Index
OSSEC project: www.ossec.net.
Mailling list information: http://www.ossec.net/en/mailing_lists.html.