Dan, Ouch, you just killed me...
Maybe Cristian doesn't know the netiquette in mail lists.

Rules

2012/7/11 dan (ddp) <[email protected]>

> On Jul 11, 2012 9:43 PM, "cosmaschi cristian" <[email protected]> wrote:
> >
> > I see that the rules are being processed, but when I check iptables to see if the host was blocked ... nothing...
> >
> > It used to work until 2 days ago...
> >
>
> What changed? What is your configuration? How did you check iptables?
> Anything in the active response log? Why didn't you include that info?
>
> >
> > Results:
> > Total alerts found: 424
> >
> > Alert list
> > 2012 Jul 11 20:56:00 Rule Id: 6212 level: 10
> > Location: (Hp22) 209.217.109.82->/var/log/messages
> > Src IP: 0:55:41 hp22 asterisk[11715]: NOTICE[11747]: chan_sip.c:24170 in handle_request_register: Registration from '<sip:[email protected]:5060>' failed for '99.251.108.141:5060' - No matching peer found
> > Login session failed (invalid extension). ** Alert 1342054561.21049945: - syslog,asterisk,
> >
>
> It looks like you're using the broken web ui. Stop that. Either fix it or
> don't use it, and definitely give me an un-messed up alert.
>
> >
> > On Wed, Jul 11, 2012 at 9:33 PM, dan (ddp) <[email protected]> wrote:
> >>
> >> On Jul 11, 2012 9:31 PM, "cosmaschi cristian" <[email protected]> wrote:
> >> >
> >> > Hello,
> >> >
> >> > I'm trying to debug on ossec, following
> >> > http://www.ossec.net/doc/faq/unexpected.html
> >> >
> >> > example If you have logs similar to the following in /var/ossec/queue/ossec/queue:
> >> >
> >> > when I run
> >> >
> >> > tail -f /var/ossec/queue/ossec/queue
> >> >
> >>
> >> That page does not tell you to do that. It probably wants you to tail the logfile:
> >> `tail -f /var/ossec/logs/ossec.log`
> >>
> >> > I get
> >> >
> >> > tail: cannot open `/var/ossec/queue/ossec/queue' for reading: No such device or address
> >> > tail: no files remaining
