Got it working - of course ended up having nothing to do with Shorewall. The ar.conf was missing from the agent side. Not sure why it wasn't auto-created, but copied it over from the server and shortly after IP's were being dropped!
Brian On Sun, 2010-05-30 at 12:42 -0500, Hostmaster wrote: > I just set up Ossec (server & agent) yesterday and the one issue I can > see I'm having is this: > > 2010/05/30 11:09:05 ossec-execd(1311): ERROR: Invalid command name > 'firewall-drop600' provided. > 2010/05/30 11:12:27 ossec-execd(1311): ERROR: Invalid command name > 'host-deny600' provided. > 2010/05/30 11:12:27 ossec-execd(1311): ERROR: Invalid command name > 'firewall-drop600' provided. > > I suspect this is because I'm using Shorewall and those would not then > be the valid command. What to I need to change to correct this? > > Thank you in advance, > Brian
