Re: [ossec-list] Apache Rules don't Trigger Active Response

2016-05-19 Thread Patrick
The log of apache 2.4.20_1 on FreeBSD is much more complex than the decoder expects; the standard config can’t understand it. I added this instruction to the prematch of decoder apache-errorlog. And now the decoder can understand the log *^[\w+ \w+ \d+ \d+:\d+:\d+.\d+ \d+] [:error] [pid \d+] [client

Re: [ossec-list] Apache Rules don't Trigger Active Response

2016-05-19 Thread dan (ddp)
On Thu, May 19, 2016 at 9:25 AM, Patrick wrote:
> Thanks so much Dan.
>
> The error was simple, but I couldn't see. Thanks so much.
>
> I edited the decoder and now the action works.

What changes did you make to the decoder? They might be able to be put into the

Re: [ossec-list] Apache Rules don't Trigger Active Response

2016-05-19 Thread Patrick
Thanks so much Dan. The error was simple, but I couldn't see. Thanks so much. I edited the decoder and now the action works.

On Wednesday, May 18, 2016 at 15:49:12 UTC-3, dan (ddpbsd) wrote:
> On Wed, May 18, 2016 at 2:33 PM, Patrick Müller wrote:

Re: [ossec-list] Apache Rules don't Trigger Active Response

2016-05-18 Thread dan (ddp)
On Wed, May 18, 2016 at 2:33 PM, Patrick Müller wrote:
> Hi guys.
>
> My configuration is Freebsd-10.2 with ossec-hids-local-2.8.3 installed via
> ports.
>
> I have this custom configuration for an active response which blocks web
> attacks.
>
> ipfw-www

[ossec-list] Apache Rules don't Trigger Active Response

2016-05-18 Thread Patrick Müller
Hi guys. My configuration is Freebsd-10.2 with ossec-hids-local-2.8.3 installed via ports. I have this custom configuration for an active response which blocks web attacks. ipfw-www local 43200 *30202,31151* *This is my test with logtest * **Phase 1: Completed