ossec-control enable debug
On Mar 15, 2011 8:37 AM, "tayebeh amiri" <[email protected]> wrote: > > becuase my script removes usb storage and logs it in an active > response log file.i see my favorite output for the other rules, but > not my written rules. what do you mean by process debug mode? > i've googled, but i can't find any tools for this purpose. > > On 3/14/11, dan (ddp) <[email protected]> wrote: > > How do you know the script isn't running? > > Have you tried running the various processes debug mode? > > > > On Mon, Mar 14, 2011 at 3:09 AM, tayebe <[email protected]> wrote: > >> hi, > >> i installed ossec-hids-2.5.1 on fedora 13 as server and i have a > >> windows xp agent. i 've recently write a new script and corresponding > >> rule in local-rules to fire that script. i see the alert that detects > >> my new rule. but it does'nt fire my script. i am sure that every > >> setting is right, because if i change the rule id to 503 to fire that > >> script (agent started), my script works properly,but when i add my > >> rule id, it does'nt fire. > >> here is my ossec.conf in server side: > >> > >> <command> > >> <name>My-script</name> > >> <executable>my-script.cmd</executable> > >> <expect></expect> > >> <timeout_allowed>no</timeout_allowed> > >> </command> > >> > >> <active-response> > >> <command>My-script</command> > >> <location>local</location> > >> <rules_id>100010</rules_id> > >> </active-response> > >> and i 'm sure to enable active response in windows agent,and have my- > >> script.cmd in /active response/bin directory in agent side. > >> any ideas? > >
