On Apr 30, 2014 10:18 PM, "Thomas Moretto" <[email protected]> wrote: > > Thanks Dan ... I presume that is in the documentation on ossec's website?
> Take a peek and find out. I think it'll depend on how you decide to set it up, and how much you're willing to think. There is a mailing list available though. They answer questions sometimes. > Sent from my iPad > > On Apr 30, 2014, at 10:13 PM, "dan (ddp)" <[email protected]> wrote: > >> >> On Apr 30, 2014 10:07 PM, "Thomas Moretto" <[email protected]> wrote: >> > >> > if i have a centralized log server, and have ossec read those logs, can i have the ossec server apply the ip firewall block to all the servers contributing to the central log server? >> > >> > example. >> > contributing servers: >> > server01 server02 server03 server04 >> > >> > central log server: >> > logserver01 >> > >> > ossec server: >> > ossecserver01 >> > >> > say ip address 37.24.199.45 just got flagged for multiple failed SSH attempts on server01. >> > >> > can i have ossec read that failure on the central log server and apply the iptables block on all the contributing servers? >> > >> >> Yes. You just need to setup active response correctly. >> >> > >> > >> > -- >> > >> > --- >> > You received this message because you are subscribed to the Google Groups "ossec-list" group. >> > To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. >> > For more options, visit https://groups.google.com/d/optout. >> >> -- >> >> --- >> You received this message because you are subscribed to the Google Groups "ossec-list" group. >> To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. >> For more options, visit https://groups.google.com/d/optout. > > -- > > --- > You received this message because you are subscribed to the Google Groups "ossec-list" group. > To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. > For more options, visit https://groups.google.com/d/optout. -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
