On Sat, Jan 25, 2014 at 9:25 PM, frwa onto <[email protected]> wrote:
> I have started to use ossec on a new server and suddenly today I could not
> log into it via ssh. I am not too sure what exactly has happened. The last
> message I got from my email is this:
>
> OSSEC HIDS Notification.
> 2014 Jan 26 04:05:19
>
> Received From: pro1->/var/log/maillog
> Rule: 11 fired (level 4) -> "Excessive number of events (above normal)."
> Portion of the log(s):
>
> The average number of logs between 4:00 and 5:00 is 147. We reached 398.
>
>
>
> --END OF NOTIFICATION.
> Could it be due to this abnormality?
>
Probably not. Are you sure OSSEC isn't triggering active response to block
your ssh connection? Look in /var/ossec/logs/active-response.log for your IP.

> --
>
> ---
> You received this message because you are subscribed to the Google Groups
> "ossec-list" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to [email protected].
> For more options, visit https://groups.google.com/groups/opt_out.
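The check suggested in the reply above, as an added example that is not part of the original thread or OSSEC's own tooling: it reads active-response.log and reports whether an IP has an "add" with no later "delete". The field layout, the function names and the sample log lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not OSSEC's own tooling.
# Assumed line layout (the stock scripts log: `date` $0 $1 $2 $3 $4 $5):
#   <date...> <script path> <add|delete> <user> <ip> <alert id> <rule id>

# Constructed sample log; addresses come from the documentation ranges.
sample_log() {
cat <<'EOF'
Sun Jan 26 04:06:01 UTC 2014 /var/ossec/active-response/bin/host-deny.sh add - 192.0.2.10 1390709161.4521 5712
Sun Jan 26 04:06:01 UTC 2014 /var/ossec/active-response/bin/firewall-drop.sh add - 192.0.2.10 1390709161.4521 5712
Sun Jan 26 04:06:40 UTC 2014 /var/ossec/active-response/bin/firewall-drop.sh add - 198.51.100.7 1390709200.5000 5712
Sun Jan 26 04:16:01 UTC 2014 /var/ossec/active-response/bin/host-deny.sh delete - 192.0.2.10 1390709161.4521 5712
EOF
}

# ar_block_status IP [LOGFILE]
# Prints one BLOCKED line per response script whose latest action for IP is
# "add" (no later "delete"), or NOT BLOCKED if there is none.
ar_block_status() {
    awk -v ip="$1" '
    {
        # The date prefix varies in width, so search for the action field.
        for (i = 2; i <= NF - 2; i++) {
            if (($i == "add" || $i == "delete") && $(i + 2) == ip) {
                s = $(i - 1); state[s] = $i; rule[s] = $(i + 4)
                when[s] = $1
                for (j = 2; j < i - 1; j++) when[s] = when[s] " " $j
                break
            }
        }
    }
    END {
        n = 0
        for (s in state) if (state[s] == "add") {
            printf "BLOCKED %s since %s rule %s\n", s, when[s], rule[s]; n++
        }
        if (n == 0) print "NOT BLOCKED"
    }' "${2:-/var/ossec/logs/active-response.log}"
}

# Demo on the constructed sample: host-deny was lifted, firewall-drop was not.
tmp=$(mktemp) && sample_log > "$tmp"
ar_block_status 192.0.2.10 "$tmp"
rm -f "$tmp"
```

Run without a second argument on the OSSEC server itself (from the console or another address) to read the path named in the reply.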
