Hi, going through the configuration options, I noticed the possibility to execute an external script upon detecting a scan. It would be great if you could also (only) trigger an external script upon firing the Auto IDS feature, meaning someone gets blocked by PSAD.
Ideally you would also be able to run a script when the blocked IP is unblocked again. In addition to the IP address, it would be nice if you could provide the block duration, detected danger level and reason (triggered rule or something) as variables to the external script. My use case would be to send notifications to a slack channel when an IP is blocked/unblocked for easy monitoring. I look forward to the reply/replies! :-) Met vriendelijke groet, Rinck H. Sonnenberg Netson Internet Oplossingen
_______________________________________________ psad-discuss mailing list psad-discuss@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/psad-discuss
