On Apr 30, 2014 10:07 PM, "Thomas Moretto" <[email protected]> wrote: > > if i have a centralized log server, and have ossec read those logs, can i have the ossec server apply the ip firewall block to all the servers contributing to the central log server? > > example. > contributing servers: > server01 server02 server03 server04 > > central log server: > logserver01 > > ossec server: > ossecserver01 > > say ip address 37.24.199.45 just got flagged for multiple failed SSH attempts on server01. > > can i have ossec read that failure on the central log server and apply the iptables block on all the contributing servers? >
Yes. You just need to setup active response correctly. > > > -- > > --- > You received this message because you are subscribed to the Google Groups "ossec-list" group. > To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. > For more options, visit https://groups.google.com/d/optout. -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
