I have set up OSSEC and it is a great tool. It has already caught a few things for me. I am about to enable Active Response as well to help stop the brute force SSH attacks I keep on getting. I have not been able to get OSSEC to alert me on my firewall log, however. It is generated with syslog-ng and I added it to my local list as a syslog type. So far I have yet to receive one alert on this log. I get a lot of drops during the day because of attempted hacks in my fwlog; however, OSSEC does not send me anything. What is the alert looking for in firewall logs?
