On Mar 21, 2015 4:08 PM, "Nhen Panha" <[email protected]> wrote:
>
> I think I also use auto response; this is the configuration:
>

Is ossec-execd running? Do you get any errors when you run: ossec-execd -d

> <!-- Active Response Config -->
> <active-response>
>   <!-- This response is going to execute the host-deny
>      - command for every event that fires a rule with
>      - level (severity) >= 6.
>      - The IP is going to be blocked for 600 seconds.
>      -->
>   <command>host-deny</command>
>   <location>local</location>
>   <level>6</level>
>   <timeout>600</timeout>
> </active-response>
>
> <active-response>
>   <!-- Firewall Drop response. Block the IP for
>      - 600 seconds on the firewall (iptables,
>      - ipfilter, etc).
>      -->
>   <command>firewall-drop</command>
>   <location>local</location>
>   <level>6</level>
>   <timeout>600</timeout>
> </active-response>
>
>
> On Sunday, March 22, 2015 at 2:36:52 AM UTC+7, Nhen Panha wrote:
>>
>> When I configure ossec, I always get these errors:
>>
>>
>> ERROR: Queue '/queue/alerts/ar' not accessible: 'Connection refused'.
>>
>> ossec-analysisd(1301): ERROR: Unable to connect to active response queue.
>>
>>
>> Thanks for your help!
>
> --
>
> ---
> You received this message because you are subscribed to the Google Groups "ossec-list" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to [email protected].
> For more options, visit https://groups.google.com/d/optout.
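
The error quoted above reports 'Connection refused' on a queue socket. As an added example (not part of the original thread and not OSSEC's own code), this Python probe tells a socket file with no daemon bound to it apart from a missing or inaccessible one. The `/var/ossec` prefix and the treatment of the queue as a Unix datagram socket are assumptions; the thread only shows the chroot-relative path.

```python
import errno
import os
import socket
import tempfile

# Assumptions: default install prefix, and queues are Unix datagram sockets.
# The thread itself only shows the chroot-relative path '/queue/alerts/ar'.
OSSEC_DIR = "/var/ossec"
AR_QUEUE = "queue/alerts/ar"


def probe_queue(path):
    """Classify a Unix datagram queue socket: returns (state, hint)."""
    sock = socket.socket(socket.AF_UNIX, socket.SOCK_DGRAM)
    try:
        sock.connect(path)
        return "listening", "a daemon is bound to this socket"
    except OSError as exc:
        if exc.errno == errno.ECONNREFUSED:
            return "stale", "socket file exists but no daemon is bound to it"
        if exc.errno == errno.ENOENT:
            return "missing", "socket file was never created"
        if exc.errno in (errno.EACCES, errno.EPERM):
            return "denied", "check ownership and mode along the queue path"
        return "error", os.strerror(exc.errno)
    finally:
        sock.close()


def demo():
    """Walk a constructed socket through the three common states."""
    path = os.path.join(tempfile.mkdtemp(), "ar")
    server = socket.socket(socket.AF_UNIX, socket.SOCK_DGRAM)
    server.bind(path)
    states = [probe_queue(path)[0]]      # daemon running
    server.close()
    states.append(probe_queue(path)[0])  # daemon gone, file left behind
    os.unlink(path)
    states.append(probe_queue(path)[0])  # file removed
    return states


if __name__ == "__main__":
    print(demo())
    print(probe_queue(os.path.join(OSSEC_DIR, AR_QUEUE)))
```

A "stale" result matches the 'Connection refused' message: the socket path exists, but the daemon that should own it is not running.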
