Hi List, is it possible to execute a script triggered by some rule? Might the results of the execution be sent by email within the alert message?
Like this:

situation 1 => after a rule is dispatched, I'd like to add to the alert the results of `whois srcip`...

situation 2 => if OSSEC receives a log sent by my IDS (some policy violation, for example) related (by srcip) to my proxy server, I'd like to include in the alert a subset of my proxy access_logs (for example: `tail -10000 /var/log/squidlog | grep <srcip>`).

Another question: is it possible to correlate 2 different events in a rule, for example, if the IDS log matches XXX and the PROXY logs match <srcip> (from the first event), then send a new alert (or events generated by 2 different agents)?

Thanks,
--
Mário
