Disable remove of IP's after ossec restart

heimdal...@gmail.com

Feb 5, 2018, 6:10:54 AM
to ossec-list
Hi all!

After ossec agent restart (on weekly cron job or random) banned IPs are deleted from iptables. Is this normal? Can I disable this?

Ossec tried deleting about 40000 IPs after restarts and load goes through the roof.

Thank you,
ante

dan (ddp)

Feb 15, 2018, 7:14:12 AM
to ossec...@googlegroups.com
This is normal. I don't know why it does this for sure, but I think
OSSEC doesn't want to be responsible for tracking these blocks across
restarts.
If you're interested in adding a knob for this, you can submit a pull
request at https://github.com/ossec/ossec-hids


cloe logcl

Feb 15, 2018, 8:08:11 AM
to ossec...@googlegroups.com
Hello, list!


in internal_options.conf

# Maild grouping (0=disabled, 1=enabled)
maild.groupping=0

(restart ossec)

but mails are still grouped.
Why?

my setup - ossec 2.8

dan (ddp)

Feb 18, 2018, 5:10:28 PM
to ossec...@googlegroups.com
I don't remember there being issues with that in 2.8, but it's been a
long long time.
Could you try updating to a recent version?