Active response
35 views
Skip to first unread message
Nguyễn Văn Hớn
Jul 2, 2014, 2:24:55 PM7/2/14
to ossec...@googlegroups.com
This is my config acitve response in Agent
<active-response>
<disabled>no</disabled>
</active-response>
<command>
<name>restart</name>
<executable>restart.cmd</executable>
<expect></expect>
</command>
<active-response>
<command>restart</command>
<location>all</location>
<level>7</level>
<rules_id>503002</rules_id>
</active-response>
Rule 503002 is detect new USB. i have write script restart.cmd is restart computer to test. But when i attach usb i have alert new USB but active response not running restart my computer. what is my wrong?
dan (ddp)
Jul 2, 2014, 2:42:45 PM7/2/14
to ossec...@googlegroups.com
On Wed, Jul 2, 2014 at 2:24 PM, Nguyễn Văn Hớn <hon...@gmail.com> wrote:
> This is my config acitve response in Agent
>
> <active-response>
> <disabled>no</disabled>
> </active-response>
>
> <command>
> <name>restart</name>
> <executable>restart.cmd</executable>
> <expect></expect>
> </command>
>
> <active-response>
> <command>restart</command>
> <location>all</location>
> <level>7</level>
> <rules_id>503002</rules_id>
> </active-response>
>
I believe the above should be defined in the OSSEC manager, not the agent.
> This is my config acitve response in Agent
>
> <active-response>
> <disabled>no</disabled>
> </active-response>
>
> <command>
> <name>restart</name>
> <executable>restart.cmd</executable>
> <expect></expect>
> </command>
>
> <active-response>
> <command>restart</command>
> <location>all</location>
> <level>7</level>
> <rules_id>503002</rules_id>
> </active-response>
>
> Rule 503002 is detect new USB. i have write script restart.cmd is restart
> computer to test. But when i attach usb i have alert new USB but active
> response not running restart my computer. what is my wrong?
>
>
> ---
> You received this message because you are subscribed to the Google Groups
> "ossec-list" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ossec-list+...@googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.
Nguyễn Văn Hớn
Jul 2, 2014, 2:59:10 PM7/2/14
to ossec...@googlegroups.com
thank Dan. but how to config active response in window. i want to run script restart computer when i attach usb in window
Vào 01:24:55 UTC+7 Thứ năm, ngày 03 tháng bảy năm 2014, Nguyễn Văn Hớn đã viết:
Vào 01:24:55 UTC+7 Thứ năm, ngày 03 tháng bảy năm 2014, Nguyễn Văn Hớn đã viết:
dan (ddp)
Jul 2, 2014, 3:01:10 PM7/2/14
to ossec...@googlegroups.com
On Wed, Jul 2, 2014 at 2:59 PM, Nguyễn Văn Hớn <hon...@gmail.com> wrote:
> thank Dan. but how to config active response in window. i want to run script
> restart computer when i attach usb in window
>
It should work the same way as running active response scripts on any
> thank Dan. but how to config active response in window. i want to run script
> restart computer when i attach usb in window
>
other agent.
> Vào 01:24:55 UTC+7 Thứ năm, ngày 03 tháng bảy năm 2014, Nguyễn Văn Hớn đã
> viết:
>>
>> This is my config acitve response in Agent
>>
>> <active-response>
>> <disabled>no</disabled>
>> </active-response>
>>
>> <command>
>> <name>restart</name>
>> <executable>restart.cmd</executable>
>> <expect></expect>
>> </command>
>>
>> <active-response>
>> <command>restart</command>
>> <location>all</location>
>> <level>7</level>
>> <rules_id>503002</rules_id>
>> </active-response>
>>
>> Rule 503002 is detect new USB. i have write script restart.cmd is restart
>> computer to test. But when i attach usb i have alert new USB but active
>> response not running restart my computer. what is my wrong?
>
Reply all
Reply to author
Forward
0 new messages