Hi DM,

Let's see if I understood you correctly. You installed ossec (local type) on 5 systems and one of them is not working. If that's the case, can you look at the following:

- At /var/ossec/logs/ossec.log for any errors.
- At ps auwx | grep ossec to make sure everything is running.
- At /var/ossec/logs/alerts/alerts.log to make sure the alerts are being created.

Can you show the output of them to us?

Regarding your second question, OSSEC uses iptables (on Linux) or ipfw/pf/ipf on other Unix systems. If you don't have a firewall installed, the active response is not going to be executed.

*Btw, always provide the following information when reporting bugs:
http://www.ossec.net/wiki/index.php/Community_manual:BugReport

Thanks,

--
Daniel B. Cid
dcid ( at ) ossec.net

On 5/19/07, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
> I have installed ossechid on 4 servers and all are working fine but not on
> this server.
> Operating system of server is CentOS 4.4
>
> Problem: Ossec is installed and running. When I try to test brute force by
> making fake logins to server it should block the ip for 600 seconds. But
> it's not doing on this server. Ossec installation type is local. In this
> server there is no file by name active-responses.log in /var/ossec/logs
>
> Does ossec need iptables or it got its own firewall?
> Can anyone suggest why it's not blocking the IP on brute force attempts?
>
> Thanks
> DM
