Dear Dan,
No, there is no such log /var/ossec/logs/active-response.log in my case.
So I guess it should be something else causing it to hang then. Thank you.
Regards,
Frwa.
On Thursday, January 30, 2014 8:56:23 PM UTC+8, dan (ddpbsd) wrote:
>
> On Sat, Jan 25, 2014 at 9:25 PM, frwa onto <[email protected]> wrote:
> > I have started to use ossec on a new server and suddenly today I could not
> > log into it via ssh. I am not too sure what exactly have happened the last
> > messages I got from my email is this
> >
> > OSSEC HIDS Notification.
> > 2014 Jan 26 04:05:19
> >
> > Received From: pro1->/var/log/maillog
> > Rule: 11 fired (level 4) -> "Excessive number of events (above normal)."
> > Portion of the log(s):
> >
> > The average number of logs between 4:00 and 5:00 is 147. We reached 398.
> >
> >
> >
> > --END OF NOTIFICATION.
> >
> > Could it be due to this abnormality?
> >
>
> Probably not. Are you sure OSSEC isn't triggering active response to
> block your ssh connection? Look in /var/ossec/logs/active-response.log
> for your IP.
>
> > --
> > ---
> > You received this message because you are subscribed to the Google Groups
> > "ossec-list" group.
> > To unsubscribe from this group and stop receiving emails from it, send an
> > email to [email protected].
> > For more options, visit https://groups.google.com/groups/opt_out.
>
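
The check suggested in the thread (look in the active-response log for your own IP), written out as an added example that is not part of the original messages or of OSSEC itself. It reports whether the most recent action for an address was a block or a release; the function names, the assumed line layout and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example, not OSSEC's own tooling. Assumed line layout (what the stock
# active-response scripts echo): <date> <script> <add|delete> <user> <srcip> <alert id> <rule id>

# ar_block_state LOGFILE IP -> prints blocked | released | never | nolog
ar_block_state() {
    log=$1 ip=$2
    [ -r "$log" ] || { echo nolog; return 0; }
    awk -v ip="$ip" '
        {
            # Find the action word rather than counting fields: the width of
            # the leading date string depends on the locale.
            for (i = 1; i <= NF - 2; i++)
                if (($i == "add" || $i == "delete") && $(i + 2) == ip)
                    state[$(i - 1)] = $i    # last action per script wins
        }
        END {
            result = "never"
            for (s in state) {
                # One script still holding an "add" means the IP is blocked.
                if (state[s] == "add") { result = "blocked"; break }
                result = "released"
            }
            print result
        }' "$log"
}

# Constructed sample lines (documentation addresses), not taken from the thread.
sample_log() {
    cat <<'EOF'
Sat Jan 25 20:01:02 UTC 2014 /var/ossec/active-response/bin/host-deny.sh add - 203.0.113.7 1390680062.1234 5712
Sat Jan 25 20:01:02 UTC 2014 /var/ossec/active-response/bin/firewall-drop.sh add - 203.0.113.7 1390680062.1234 5712
Sat Jan 25 20:11:32 UTC 2014 /var/ossec/active-response/bin/host-deny.sh delete - 203.0.113.7 1390680062.1234 5712
Sat Jan 25 20:30:00 UTC 2014 /var/ossec/active-response/bin/host-deny.sh add - 198.51.100.9 1390681800.2222 5712
Sat Jan 25 20:40:30 UTC 2014 /var/ossec/active-response/bin/host-deny.sh delete - 198.51.100.9 1390681800.2222 5712
EOF
}

# Usage: sh this-file LOGFILE IP
if [ $# -eq 2 ]; then ar_block_state "$1" "$2"; fi
```

A `nolog` result only says the path passed in is unreadable; stock OSSEC active-response scripts append to `logs/active-responses.log` (plural), so try that path as well before ruling active response out.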