On Tue, Mar 27, 2018, 8:19 AM wrote:
> Hi,
>
> How to generate the rule or decoder specific host/ip.
>
> I'm try rule1 or decoder1 add "ip_address" but is not
> work.
>
Yeah, that won't work. Are you trying to match any log with that IP? That
would be hard to do, not
If you look in the logs directory on the clients, it will show you the
commands that are run to add and remove ips.
On Friday, March 23, 2018 at 10:20:54 AM UTC-4, Ricardo Almeida wrote:
>
> Hi,
>
> I would like to know for how long time OSSEC "store" the blocked IP so
> that it is considered
By default, 10 minutes. But you can change it.
Add this to the ossec.conf on the client machines. The values are in
seconds and you can adjust them
600,3600,7200, 14400
On Friday, March 23, 2018 at 10:20:54 AM UTC-4, Ricardo Almeida wrote:
>
> Hi,
>
> I would like to know for how long
Hi,
How to generate the rule or decoder specific host/ip.
I'm try rule1 or decoder1 add "ip_address" but is not
work.
--
---
You received this message because you are subscribed to the Google Groups
"ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send