On Thu, Mar 13, 2014 at 2:24 PM, Mike Wisniewski <[email protected]> wrote:
> Thanks for the quick response. Please see inline for answers.
>
> On Thursday, March 13, 2014 12:57:34 PM UTC-5, dan (ddpbsd) wrote:
>>
>> On Thu, Mar 13, 2014 at 1:53 PM, Mike Wisniewski <[email protected]> wrote:
>> [...]
>>
>>
>> Are you using active response?
>
>
> Yes, I am trying to use active response. I'm trying to get it to dump IP's
> in /etc/hosts.deny. I am reading logs from another device in a directory
> that doesn't support ossec. It's actually dumping the apache logs and I'm
> trying to get it to add it to the hosts.deny on the server.
>

Make sure AR isn't disabled.
Make sure ossec-execd is running.
Make sure AR is configured for the server and not just the agents.

>>
>>
>> > and the FAQ says to install the agent....but it's a server that's
>> > already
>> > being monitored by OSSEC by default.
>> >
>>
>> I'll have to check that out, because it makes no sense.
>
>
> I know one thing is to check to see if 'ossec-analysis' is running, which it
> is.
>

Yeah, I checked out the FAQ and explained it in a second email.

>
> Thanks all for the help.
>
> --
>
> ---
> You received this message because you are subscribed to the Google Groups
> "ossec-list" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to [email protected].
> For more options, visit https://groups.google.com/d/optout.
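
The three checks from the reply above, as an added example that is not part of the original thread or OSSEC's own tooling. The sample config is constructed, its `host-deny` command name, level and timeout are illustrative, and the function names `sample_conf`, `ar_config_check` and `execd_running` are hypothetical.

```shell
#!/bin/sh
# Added example: checks the three points from the reply against an ossec.conf.
# Assumes one XML element per line, as in the usual config layout.

# Constructed sample: a host-deny active response bound to the server.
sample_conf() {
cat <<'EOF'
<ossec_config>
  <active-response>
    <disabled>no</disabled>
    <command>host-deny</command>
    <location>server</location>
    <level>6</level>
    <timeout>600</timeout>
  </active-response>
</ossec_config>
EOF
}

# Reads a config on stdin. Returns 0 if an enabled block runs on the server,
# 1 if a block sets <disabled>yes</disabled> (treated here as AR switched off),
# 2 if no enabled block has location "server" or "all".
ar_config_check() {
    awk '
    function val(s) { sub(/^[^>]*>/, "", s); sub(/<.*$/, "", s); return s }
    /<active-response>/ { in_ar = 1; dis = 0; loc = ""; cmd = "" }
    in_ar && /<disabled>[ \t]*yes[ \t]*<\/disabled>/ { dis = 1 }
    in_ar && /<location>/ { loc = val($0) }
    in_ar && /<command>/  { cmd = val($0) }
    /<\/active-response>/ {
        in_ar = 0
        if (dis) { off = 1; print "AR disabled by <disabled>yes</disabled>" }
        else if (loc == "server" || loc == "all") { hit = 1; print "ok: " cmd " runs on " loc }
        else print "review: " cmd " has location=" loc ", not the server"
    }
    END { if (off) exit 1; if (!hit) exit 2 }
    '
}

# True when the daemon that executes responses is alive on this host.
execd_running() { pgrep -x ossec-execd >/dev/null 2>&1; }

sample_conf | ar_config_check
execd_running || echo "ossec-execd is not running on this host"
```

To check a real installation, feed the server's own config to the function, for example `ar_config_check < ossec.conf`.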
