Dear OSSEC team, I am using both on Ossec server&clients the last 2.8.1 Ossec version on debian Wheezy. Copy and Paste event in ossec-logtest give me good output. When agent.conf is modified the active response to restart all client is working fine. Server and clients are using up to date and same agent.conf, ar.conf and merge.mg files. All clients and md5sum of agent.con on the server are the same. Dropping an IP by using on the server "firewall-drop.sh add -u toto x.x.x.x" is working fine and all clients drop the given IP and add a line in active-response.log But then when the server receive an alert about an attack from a specific IP@, I write it in the alert.log but nothing else ! No active response.... As this came from my last update at the end of december I am thinking this is a bug... or not ?
Many thanks and all the best Thomas -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.