On Sun, Feb 8, 2015 at 6:11 PM, Ricardo Galossi <[email protected]> wrote:
> Hi there guys,
> I'm facing a problem with ossec, I hope you can help me. I've configured my
> ossec to monitor apache and modsecurity's log of my chroot. I put the
> lines below in ossec.conf:
>
> <localfile>
>   <log_format>apache</log_format>
>   <location>/var/chroot/var/log/apache2/modsec_audit.log</location>
> </localfile>
>
> <localfile>
>   <log_format>apache</log_format>
>   <location>/var/chroot/var/log/apache2/error.log</location>
> </localfile>
>
> The problem is that ossec doesn't block any attack. I received ossec's
> logs normally, but every log has the same ID, like this:
>
> Received From: Ubuntu->/var/chroot/var/log/apache2/error.log
> Rule: 1002 fired (level 6) -> "Unknown problem somewhere in the system."
> Portion of the log(s):
>
> Thank you for your attention.

You neglected to include any real information. How have you configured active response? Is ossec-execd running on the agent? Do you have log samples you can supply?

--
You received this message because you are subscribed to the Google Groups "ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [email protected].
For more options, visit https://groups.google.com/d/optout.
