Hey, can someone help me please? I have a lot of brute force attacks reported by OSSEC, and if the active-response doesn't work, sooner or later they will get in. Can anyone at OSSEC help me?
Thanks
Luciano

On 19 Feb, 16:18, cianop <[email protected]> wrote:
> Hi, I had an OSSEC notification that says that a rule with level 10 was
> fired but I didn't see any active-response action. I mean no
> modification of hosts.*, no logs in active-response dir or logs dir.
> I have the default rules installed and the two default commands and
> related active-responses (host-deny
> and firewall-drop) with the firewall-drop disabled. There is also no
> error in ossec.log
>
> Please help me
>
> Luciano
