Dan,

Can you tell me specifically what file to clear AND will this resolve the
following condition:

1) active response drops an IP as planned
2) sysadmin restarts the firewall (which clears all the IP drop rules)
3) ossec believes the drop is still in place, but it isn't!

Gil Vidals

On Tue, Aug 21, 2012 at 10:50 AM, dan (ddp) <ddp...@gmail.com> wrote:

> On Tue, Aug 21, 2012 at 1:37 PM, Gil Vidals <gvid...@gmail.com> wrote:
> > How can I clear the ossec db for the active responses? I'm not using mysql
> > for ossec. I have installed whatever the default db is.
> >
> > I don't need to clear the sys checks; instead I want to clear the active
> > responses. Is there a way to do this?
> >
> > --
> > Gil Vidals
> >
> > CONFIDENTIALITY NOTICE: The information contained in this transmission may
> > contain privileged and confidential information.  It is intended only for
> > the use of the person(s) named above.  If you are not the intended
> > recipient, please contact the sender by reply email and permanently delete
> > the original message.
> >
>
> By default OSSEC only logs to text files. I guess you could stop the
> OSSEC processes, clear the file, and start OSSEC back up.
>



-- 
Gil Vidals


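One way to detect the condition in steps 1 to 3 of the message above, as an added example that is not part of the original thread: replay the active-response log to find the IPs OSSEC still expects to be dropped, then compare them with the live firewall rules. The log line layout, the `firewall-drop.sh` script path, the iptables rule format, the function names and all sample data are assumptions constructed for illustration.

```python
import re

# Constructed sample of the active-response log. Assumed line layout:
# "<date> <script> <add|delete> <user> <ip> <alert id> <rule id>".
SAMPLE_AR_LOG = """\
Tue Aug 21 10:31:02 PDT 2012 /var/ossec/active-response/bin/firewall-drop.sh add - 203.0.113.7 1345570262.1001 5712
Tue Aug 21 10:33:40 PDT 2012 /var/ossec/active-response/bin/firewall-drop.sh add - 198.51.100.23 1345570420.1188 5712
Tue Aug 21 10:41:02 PDT 2012 /var/ossec/active-response/bin/firewall-drop.sh delete - 203.0.113.7 1345570262.1001 5712
Tue Aug 21 10:44:15 PDT 2012 /var/ossec/active-response/bin/host-deny.sh add - 192.0.2.55 1345571055.1302 5712
Tue Aug 21 10:45:09 PDT 2012 /var/ossec/active-response/bin/firewall-drop.sh add - 192.0.2.99 1345571109.1350 5712
"""

# Constructed `iptables -S INPUT` output: the firewall was restarted after
# 10:33 (losing 198.51.100.23) and one drop was added again afterwards.
SAMPLE_RULES = """\
-P INPUT ACCEPT
-A INPUT -s 192.0.2.99/32 -j DROP
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
"""

IPV4 = r"\d{1,3}(?:\.\d{1,3}){3}"
AR_LINE = re.compile(r"/firewall-drop\.sh (add|delete) \S+ (" + IPV4 + r")\b")
DROP_RULE = re.compile(r"^-A INPUT -s (" + IPV4 + r")(?:/32)? -j DROP$", re.M)

def expected_drops(ar_log):
    """IPs with an 'add' that has not been followed by a 'delete'."""
    active = set()
    for line in ar_log.splitlines():
        m = AR_LINE.search(line)
        if not m:
            continue  # other scripts (e.g. host-deny.sh) do not touch iptables
        action, ip = m.groups()
        if action == "add":
            active.add(ip)
        else:
            active.discard(ip)
    return active

def live_drops(rules):
    """Source IPs that currently have a DROP rule in the INPUT chain."""
    return set(DROP_RULE.findall(rules))

def missing_drops(ar_log, rules):
    """Drops the log says are active but the firewall no longer enforces."""
    return sorted(expected_drops(ar_log) - live_drops(rules))

if __name__ == "__main__":
    for ip in missing_drops(SAMPLE_AR_LOG, SAMPLE_RULES):
        print("drop logged as active but missing from firewall:", ip)
```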