hi,
i installed ossec-hids-2.5.1 on fedora 13 as server and i have a
windows xp agent. i 've recently write a new script and corresponding
rule in local-rules to fire that script. i see the alert that detects
my new rule. but it does'nt fire my script. i am sure that every
setting is right, because if i change the rule id to 503 to fire that
script (agent started), my script works properly,but when i add my
rule id, it does'nt fire.
here is my ossec.conf in server side:
<command>
<name>My-script</name>
<executable>my-script.cmd</executable>
<expect></expect>
<timeout_allowed>no</timeout_allowed>
</command>
<active-response>
<command>My-script</command>
<location>local</location>
<rules_id>100010</rules_id>
</active-response>
and i 'm sure to enable active response in windows agent,and have my-
script.cmd in /active response/bin directory in agent side.
any ideas?
