Hi, I have one OSSEC server and 10 clients connected to it, but I can't get active response to work on all clients.
In the ossec.conf I have set that I want active response on for all clients and at level 5, with the firewall drop rule. But when I do an nmap scan of the server or the clients, nothing happens. And if I get web scans on my web server, OSSEC doesn't do anything. Are there more ports that must be open on the server than 1514? I have an iptables firewall on every host. Nothing comes up in the OSSEC logs. // Matte
