Hmm, ok. On clients there are entries in active-response.log (e.g., firewall-drop.sh). But in the server's alerts.log there is no trace of those. If I understand the rules correctly they should be there. I don't see any errors in the ossec.log on client or server.
What's the best way to debug this? Just up the log level to DEBUG?
