On Tue, Aug 21, 2012 at 3:46 PM, Gil Vidals gvid...@gmail.com wrote:
Dan,
We have active response set to 1 hr, 1 day, 1 week, so assuming the IP is
being blocked for one week and the iptables is reset in the middle of the
week by the sysadmin, then the IP we thought was being blocked is
How can I clear the ossec db for the active responses? I'm not using mysql
for ossec. I have installed whatever the default db is.
I don't need to clear the sys checks; instead I want to clear the active
responses. Is there a way to do this?
--
Gil Vidals
On Tue, Aug 21, 2012 at 1:37 PM, Gil Vidals gvid...@gmail.com wrote:
How can I clear the ossec db for the active responses? I'm not using mysql
for ossec. I have installed whatever the default db is.
I don't need to clear the sys checks; instead I want to clear the active
responses. Is there
Dan,
Can you tell me specifically what file to clear AND will this resolve the
following condition:
1) active response drops an IP as planned
2) sysadmin restarts the firewall (which clears all the IP drop rules)
3) ossec believes the drop is still in place, but it isn't!
Gil Vidals
On Tue,
On Tue, Aug 21, 2012 at 2:50 PM, Gil Vidals gvid...@gmail.com wrote:
Dan,
Can you tell me specifically what file to clear AND will this resolve the
following condition:
1) active response drops an IP as planned
2) sysadmin restarts the firewall (which clears all the IP drop rules)
3) ossec
Dan,
We have active response set to 1 hr, 1 day, 1 week, so assuming the IP is
being blocked for one week and the iptables is reset in the middle of the
week by the sysadmin, then the IP we thought was being blocked is actually
not being blocked.
Here is a clearer explanation:
Monday - block
On Aug 21, 2012, at 3:46 PM, Gil Vidals wrote:
Dan,
We have active response set to 1 hr, 1 day, 1 week, so assuming the IP is
being blocked for one week and the iptables is reset in the middle of the
week by the sysadmin, then the IP we thought was being blocked is actually
not being