[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[ossec-list] Re: Two questions in one.

To: <ossec-list@xxxxxxxxxxxxxxxx>
Subject: [ossec-list] Re: Two questions in one.
From: "Mark Haney" <mhaney@xxxxxxxxxxxxxxxx>
Date: Fri, 02 Feb 2007 07:54:52 -0500
Content-class: urn:content-classes:message
Content-transfer-encoding: 7bit
Importance: normal
Priority: normal
Thread-index: AcdGyVl1DsbMtk2IRNanFySp69VSyQ==


Daniel Cid wrote:


Hi Mark,

You can have as many "active-response" blocks you want on ossec.
Actually, if you want multiple responses, each one must be inside
a separate active-response tag. If you look at the default config,
it has two entries (one for firewall-drop and one for host-deny).

The "expect" tag currently only supports srcip and username.
However, by default it always pass the action, rule id, event id
and agent name to the scripts...

Thanks for the clarification, is it possible that the ability to passother data via the expect tag be included in future releases?






--
Ita erat quando hic adveni.

Mark Haney
Sr. Systems Administrator
ERC Broadband
(828) 350-2415

Follow-Ups:
- [ossec-list] regexp syntax?
  - From: Sergey Zhumatiy

References:
- [ossec-list] Two questions in one.
  - From: Mark Haney
- [ossec-list] Re: Two questions in one.
  - From: Daniel Cid

Prev by Date: [ossec-list] Re: OSSEC log iptables problems (not all are loggued by OSSEC)
Next by Date: [ossec-list] regexp syntax?
Previous by thread: [ossec-list] Re: Two questions in one.
Next by thread: [ossec-list] regexp syntax?
Index(es):
- Date
- Thread

OSSEC home | Main Index | Thread Index

OSSEC project: www.ossec.net.
Mailling list information: http://www.ossec.net/en/mailing_lists.html.