[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[ossec-list] Re: Quick Active Response Question
- To: ossec-list@xxxxxxxxxxxxxxxx
- Subject: [ossec-list] Re: Quick Active Response Question
- From: "Daniel Cid" <daniel.cid@xxxxxxxxx>
- Date: Sat, 24 Feb 2007 16:40:16 -0400
- Content-disposition: inline
- Content-transfer-encoding: 7bit
- Dkim-signature: a=rsa-sha1; c=relaxed/relaxed; d=gmail.com; s=beta; h=domainkey-signature:received:received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=Cp/UQd1P1zwblAgrOHxJwcgfFVfCQ3SaoVjgqqu0rc7XwdYaUuYxaY5L+ZrfLTYPLutPj5+1/4ZEibYe2ULtgo72p5N0chBUW+M5oykG5cWQt7qkXopgtNjMdh+PbHYwfThTafxYdoUhi6LWlZUcfJFKs4n8UzVhZ83xbIQuFtY=
Hi Kurt,
The "all" option means all connected agents, but not the server. However, on 1.0
there was a bug that is was also firing on the server (it is fixed on
the latest beta).
Hope it helps.
--
Daniel B. Cid
dcid ( at ) ossec.net
On 2/22/07, Kurt <sifukurt@xxxxxxxxx> wrote:
I wanted to know if someone could provide me with a little bit of clarification. I think I know the answer but I want to confirm this before I potentially head off in the wrong direction. When configuring active response, when specifiying the "location," does the "all" option apply to the analysis server and *all* of the sensors? Or just the analysis server and the sensor in question?
Thanks in advance.
Kurt
perl -e "($_='tjgvlvsuAzbipp/dpn')=~s/(.)/chr(ord($1)-1)/ge;print"
My Blog: http://kwoon.blogspot.com
PGP Public Key (0x71D25CDA) @ http://cryptonomicon.mit.edu/
-----
Inveniemus viam aut faciemus --Hannibal
____________________________________________________________________________________
Expecting? Get great news right away with email Auto-Check.
Try the Yahoo! Mail Beta.
http://advision.webevents.yahoo.com/mailbeta/newmail_tools.html
OSSEC home |
Main Index |
Thread Index
OSSEC project: www.ossec.net.
Mailling list information: http://www.ossec.net/en/mailing_lists.html.