Hi,
I am trying out the <repeated_offenders> option but it does not seem to be
triggering.
Here is my active response config:
<active-response>
  <!-- Firewall Drop response. Block the IP for
     - 600 seconds on the firewall (iptables,
     - ipfilter, etc).
    -->
  <command>firewall-drop</command>
  <location>all</location>
  <level>7</level>
  <timeout>600</timeout>
  <repeated_offenders>30,60,120,1440</repeated_offenders>
</active-response>
I also get this when restarting OSSEC:
2011/12/12 19:39:15 ossec-execd: INFO: Adding offenders timeout: 30 (for #1)
2011/12/12 19:39:15 ossec-execd: INFO: Adding offenders timeout: 60 (for #2)
2011/12/12 19:39:15 ossec-execd: INFO: Adding offenders timeout: 120 (for #3)
2011/12/12 19:39:15 ossec-execd: INFO: Adding offenders timeout: 1440 (for #4)
So all appears well, however, I am seeing the same offender being unblocked
after 600 seconds each time.
Thanks for any help offered.
Chris