Hello Xu Feng, I edited ossec.conf and added this line just below active response.
<disabled>no</disabled> And in whitelist the only IP there are of the DNS server. I made changes in ossec. restarted Ossec and still it's not working. Logically it should not allow multiple fake login attempts and should disable the IP for 600 second. Any suggestions? Regards, DM
