Hi, I had an OSSEC notification that say that a rule with level 10 was fired but I didn't see any active-response action. I mean no modification of hosts.* no logs in active-response dir or logs dir. I have the default rules installed and the two default command and related active-response (host-deny and firewall-drop) with the firewall-drop disabled. There is also no error in ossec.log
Please help me Luciano
