Hi,
Does ossec trigger any actions from log files? I am using the default
settings in ossec.conf. But we had an instance where rule: 31115 fired and
put that IP address on apache block list. We disable ossec agent and the
user are fine.Received From: (server) x.x.x.x->/var/log/apache2/access.log Rule: 31115 fired (level 13) -> "URL too long. Higher than allowed on most browsers. Possible attack." Portion of the log(s): thanks
