Hi, folks. Even though I've been using O-H for a while now, I still think I have this screwed up: I want to use the firewall active response. However, it doesn't seem to be working. My firewall is on a different box from the O-H server. Here's the directive I have in my ossec.conf file:

<active-response>
  <!-- Firewall Drop response. Block the IP for
     - 600 seconds on the firewall (iptables,
     - ipfilter, etc).
    -->
  <command>firewall-drop</command>
  <location>defined-agent</location>
  <agent_id>004</agent_id>
  <level>6</level>
  <timeout>600</timeout>
</active-response>

Would someone be kind enough to give me a hand to make this work?

Many thanks.

Dimitri