Re: [ossec-list] Will app get blocked on heavy mysql queries?

Mon, 09 Nov 2015 20:11:18 -0800 

Hi Santiago,
                   I am just running as standalone so its not a manager or 
agent. I have another machine for instance I am using the older ossec 2.7.1 
in that one I have tried say I got my phpymadmin and when I start browsing 
huge data ossec will block me an only after some time I can login here is 
the active response log as below.

Tue Nov 10 11:48:12 MYT 2015 
/var/ossec/active-response/bin/firewall-drop.sh add - 10.212.134.200 
1447127292.12356 31106
Tue Nov 10 11:48:12 MYT 2015 /var/ossec/active-response/bin/host-deny.sh 
add - 10.212.134.200 1447127292.12356 31106
Tue Nov 10 11:58:42 MYT 2015 /var/ossec/active-response/bin/host-deny.sh 
delete - 10.212.134.200 1447127292.12356 31106
Tue Nov 10 11:58:42 MYT 2015 
/var/ossec/active-response/bin/firewall-drop.sh delete - 10.212.134.200 
1447127292.12356 31106

I dont know what trigger is exactly but I know due to my browsing of huge 
data and also how to overcome this issue? In my older version I saw this 
error too 
ossec-execd: INFO: Active response command not present: 
'/var/ossec/active-response/bin/restart-ossec.cmd'. Not using it on this 
system.

This is my worry on the new machine using 2.8.1 the app might get block 
from accessing the data.

On Tuesday, November 10, 2015 at 9:18:45 AM UTC+8, Santiago Bassett wrote:
>
> Are you running an agent or the manager? I don't think OSSEC would block 
> access to your mysql db.
>
> On Mon, Nov 9, 2015 at 8:19 AM, frwa onto <frwa...@gmail.com <javascript:>
> > wrote:
>
>> Hi,
>>     I have centos server. I have managed to install ossec 2.8.1. It 
>> mainly runs a socket programming app. For every instance of a connection it 
>> will receive data and insert into mysql db. What I worried in what scenario 
>> will it block the access to this local mysql db as I can see there some 
>> rules for mysql? Sorry very new to these.
>>
>> -- 
>>
>> --- 
>> You received this message because you are subscribed to the Google Groups 
>> "ossec-list" group.
>> To unsubscribe from this group and stop receiving emails from it, send an 
>> email to ossec-list+...@googlegroups.com <javascript:>.
>> For more options, visit https://groups.google.com/d/optout.
>>
>
>

-- 

--- 
You received this message because you are subscribed to the Google Groups 
"ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ossec-list+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Reply via email to