j***@gmail.com
2018-11-01 03:51:59 UTC
Hi All,
After i configured the active-response on ossec server for telegram bot to
send Alert, it is successfully received ossec server alert. but unable to
receive ossec agent alert.
(Ossec Server configuration)
TOKEN="xxxxxx"
ar.conf
After i configured the active-response on ossec server for telegram bot to
send Alert, it is successfully received ossec server alert. but unable to
receive ossec agent alert.
(Ossec Server configuration)
Ossec.conf
<command>
<name>send-event</name>
<executable>sendEvent.sh</executable>
<expect></expect>
</command>
<active-response>
<disabled>no</disabled>
<command>send-event</command>
<location>local</location>
<level>7</level>
</active-response>
sendEvent.sh<command>
<name>send-event</name>
<executable>sendEvent.sh</executable>
<expect></expect>
</command>
<active-response>
<disabled>no</disabled>
<command>send-event</command>
<location>local</location>
<level>7</level>
</active-response>
TOKEN="xxxxxx"
CHAT_ID="xxxxxx"
ACTION=$1
USER=$2
IP=$3
ALERTID=$4
RULEID=$5
LOCAL=`dirname $0`;
cd $LOCAL
cd ../
PWD=`pwd`
# Logging the call
echo "`date` $0 $1 $2 $3 $4 $5 $6 $7 $8" >>
${PWD}/../logs/active-responses.log
# Getting alert time
ALERTTIME=`echo "$ALERTID" | cut -d "." -f 1`
# Getting end of alert
ALERTLAST=`echo "$ALERTID" | cut -d "." -f 2`
# Getting full alert
#ALERT='grep -A 5 "$ALERTIME" ${PWD} /../logs/alerts/alerts.log | grep -v
". $ALERTLAST :"'
ALERT=`grep -A 15 "$ALERTTIME" ${PWD}/../logs/alerts/alerts.log | grep -v
".$ALERTLAST :" -A 15 `
curl -s \
-X POST \
https://api.telegram.org/bot$TOKEN/sendMessage \
-d text="$ALERT" \
-d chat_id=$CHAT_ID
Ossec Agent serverACTION=$1
USER=$2
IP=$3
ALERTID=$4
RULEID=$5
LOCAL=`dirname $0`;
cd $LOCAL
cd ../
PWD=`pwd`
# Logging the call
echo "`date` $0 $1 $2 $3 $4 $5 $6 $7 $8" >>
${PWD}/../logs/active-responses.log
# Getting alert time
ALERTTIME=`echo "$ALERTID" | cut -d "." -f 1`
# Getting end of alert
ALERTLAST=`echo "$ALERTID" | cut -d "." -f 2`
# Getting full alert
#ALERT='grep -A 5 "$ALERTIME" ${PWD} /../logs/alerts/alerts.log | grep -v
". $ALERTLAST :"'
ALERT=`grep -A 15 "$ALERTTIME" ${PWD}/../logs/alerts/alerts.log | grep -v
".$ALERTLAST :" -A 15 `
curl -s \
-X POST \
https://api.telegram.org/bot$TOKEN/sendMessage \
-d text="$ALERT" \
-d chat_id=$CHAT_ID
ar.conf
restart-ossec0 - restart-ossec.sh - 0
restart-ossec0 - restart-ossec.cmd - 0
send-event0 - sendEvent.sh - 0
What i miss?restart-ossec0 - restart-ossec.cmd - 0
send-event0 - sendEvent.sh - 0
--
---
You received this message because you are subscribed to the Google Groups "ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+***@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
---
You received this message because you are subscribed to the Google Groups "ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+***@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.