On Sat, Jan 7, 2012 at 10:26 AM, Peter M Abraham
<[email protected]> wrote:
> Good day:
>
> RE: agent_control -b <ip> -u <id> -f <active-response>
>
> What would the syntax be to have the above run on all agents?
>
> Thank you.
# cd /var/ossec/bin
# ./agent_control
OSSEC HIDS agent_control: Control remote agents.
Available options:
-h This help message.
-l List available (active or not) agents.
-lc List active agents.
-i <id> Extracts information from an agent.
-R <id> Restarts agent.
-r -a Runs the integrity/rootkit checking on all agents now.
-r -u <id> Runs the integrity/rootkit checking on one agent now.
-b <ip> Blocks the specified ip address.
-f <ar> Used with -b, specifies which response to run.
-L List available active responses.
-s Changes the output to CSV (comma delimited).
