Hello to all. First, congratulations to the development team on an exellent piece of software (recognized by SANS, no less)! It was easy to install, and tweaking to one's own specifications is straightforward. I very much look forward to future releases.
Apologies if this is completely lame, but one tweak that I'd like some help on is firewalling. I have installed ossec-hids on a separate server, and added the agent piece to other server which mainly sit in a DMZ. I have iptables/router on yet another box that has been serving my organization admirabley (I'd also like to monitor this box with ossec-hids). What I'd like to do use the iptables/router box to be the recipient of ip addresses added to the deny list, rather than the ossec-hids server. I'm thinking that this should be possible, but don't know how to do it. Can someone help? Many thanks, and best wishes. Dimitri -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.
