Hi all:

First off I want to say that OSSEC-HIDS seems to be an awesome product. I'm really happy with it.

I have what probably is a newbie question about active response. Is there some sort of alert that goes off if active response gets tripped? Second, is there anything special that I would have to do to set up active response besides just enabling it in the config? (and does that get set up on the central server or the agents?). I want to try to block some of the automated SSH attacks that my servers are getting.

Thanks,
-ben
