[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[ossec-list] active response

To: ossec-list@xxxxxxxxx
Subject: [ossec-list] active response
From: "Quenten Griffith" <qgriffith@xxxxxxxxx>
Date: Fri, 16 Jun 2006 14:51:54 -0400

Active response does not seem to be working I have the following config in my ossec.conf file

<active-response>
    <disabled>no</disabled>
</active-response>

    <active-response>
    <command>firewall-drop</command>
    <location>local</location>
    <rules_id>1512</rules_id>
</active-response>
<command>
    <name>firewall-drop</name>
    <executable>firewall-drop.sh</executable>
    <expect>srcip</expect>
</command>

And when this rule happens I do not see anything logged to the active respone log file that my command was ran.

--~--~---------~--~----~------------~-------~--~----~
-~----------~----~----~----~------~----~------~--~---

Follow-Ups:
- [ossec-list] Re: active response
  - From: Daniel Cid

Prev by Date: [ossec-list] Re: problems with 'which' test for executables
Next by Date: [ossec-list] Re: active response
Previous by thread: [ossec-list] Re: problems with 'which' test for executables
Next by thread: [ossec-list] Re: active response
Index(es):
- Date
- Thread

OSSEC home | Main Index | Thread Index

OSSEC project: www.ossec.net.
Mailling list information: http://www.ossec.net/en/mailing_lists.html.