Hi, folks.
Even though I've been using O-H for w while now, I still think I have this
screwed up: I want to use the firewall active response. However, it doesn't
seem to be working. My firewall is on a different box from O-H server.
Here's the directive I have in my ossec.conf file:
<active-response>
<!-- Firewall Drop response. Block the IP for
- 600 seconds on the firewall (iptables,
- ipfilter, etc).
-->
<command>firewall-drop</command>
<location>defined-agent</location>
<agent_id>004</agent_id>
<level>6</level>
<timeout>600</timeout>
</active-response>
Would someone be kind enough to give me a hand to make this work?
Many thanks.
Dimitri
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
