Do you have active response enabled? If so, what does your active response config look like?
On Sat, Sep 20, 2008 at 5:57 PM, Jay Curtis <[EMAIL PROTECTED]> wrote: > > 16 seperate level 10 email notices on a single vsftpd hack attempt.. > Why didn't ossec kill it or block it on the first try? > Fedora 8 - ossec 1.6 >
