Hi, this is pretty trivial I think but I didn't find a way to make it work.
I want to trigger a violation when a client has no antivirus installed,
i configured a wmi rule like this:
[custom_Antivirus]
request=select * from AntiVirusProduct
namespace=ROOT\SecurityCenter2
action= <<EOT
[AntivirusPresent]
attribute = displayName
operator = match
value = *
[1:!AntivirusPresent]
action=trigger_violation
action_param = mac = $mac, tid = 100002, type = INTERNAL
EOT
on_tab=1
But it does not work, I think the problem is that the query does not
return any result and I get inthe logs:
pfqueue(7319) ERROR: [mac:20:cf:30:36:7c:bb] No WMI header given in
string '' (pf::scan::wmi::rules::parseResult)
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
