On Jul 11, 2012 9:43 PM, "cosmaschi cristian" <[email protected]> wrote: > > i see that the rules are being processed , but when i check ip tables to se if the host was blocked ... nothing... > > its used to work util 2 days ago... >
What changed? What is your configuration? How did you check iptables? Anything in the active response log? Why didn't you include that info? > > Results: > Total alerts found: 424 > > > > Alert list > 2012 Jul 11 20:56:00 Rule Id: 6212 level: 10 > Location: (Hp22) 209.217.109.82->/var/log/messages > Src IP: 0:55:41 hp22 asterisk[11715]: NOTICE[11747]: chan_sip.c:24170 in handle_request_register: Registration from '<sip:[email protected]:5060>' failed for '99.251.108.141:5060' - No matching peer found > Login session failed (invalid extension). ** Alert 1342054561.21049945: - syslog,asterisk, > It looks like you're using the broken web ui. Stop that. Either fix it or don't use it, and definitely give me an un-messed up alert. > > > On Wed, Jul 11, 2012 at 9:33 PM, dan (ddp) <[email protected]> wrote: >> >> >> On Jul 11, 2012 9:31 PM, "cosmaschi cristian" <[email protected]> wrote: >> > >> > Hello , >> > >> > Im trying to debug on ossec , following >> > http://www.ossec.net/doc/faq/unexpected.html >> > >> > example If you have logs similar to the following in /var/ossec/queue/ossec/queue: >> > >> > when i run >> > >> > tail -f /var/ossec/queue/ossec/queue >> > >> > >> >> That page does not tell you to do that. It probably wants you to tail the logfile: >> `tail -f /var/ossec/logs/ossec.log` >> >> > i get >> > >> > tail: cannot open `/var/ossec/queue/ossec/queue' for reading: No such device or address >> > tail: no files remaining >> > >> > >> > >> > >> > >> > >> > >> > > >
