On Thu, Jan 30, 2014 at 9:43 AM, frwa onto <[email protected]> wrote:
> Dear Dan,
> No, there is no such log /var/ossec/logs/active-response.log
> in my case. So I guess it should be something else causing it to hang then.
> Thank you.
>

Do you have active response disabled? There aren't many other ways
OSSEC could deny access to the system.

> Regards,
> Frwa.
>
> On Thursday, January 30, 2014 8:56:23 PM UTC+8, dan (ddpbsd) wrote:
>>
>> On Sat, Jan 25, 2014 at 9:25 PM, frwa onto <[email protected]> wrote:
>> > I have started to use ossec on a new server and suddenly today I could
>> > not log into it via ssh. I am not too sure what exactly has happened;
>> > the last message I got from my email is this
>> >
>> > OSSEC HIDS Notification.
>> > 2014 Jan 26 04:05:19
>> >
>> > Received From: pro1->/var/log/maillog
>> > Rule: 11 fired (level 4) -> "Excessive number of events (above normal)."
>> > Portion of the log(s):
>> >
>> > The average number of logs between 4:00 and 5:00 is 147. We reached 398.
>> >
>> >
>> >
>> > --END OF NOTIFICATION.
>> > Could it be due to this abnormality?
>> >
>>
>> Probably not. Are you sure OSSEC isn't triggering active response to
>> block your ssh connection? Look in /var/ossec/logs/active-response.log
>> for your IP.
>>
>> > --
>> >
>> > ---
>> > You received this message because you are subscribed to the Google
>> > Groups "ossec-list" group.
>> > To unsubscribe from this group and stop receiving emails from it, send
>> > an email to [email protected].
>> > For more options, visit https://groups.google.com/groups/opt_out.
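
The check suggested in the thread (look for your IP in /var/ossec/logs/active-response.log), as an added example that is not part of the original messages or OSSEC's own code: it replays the log and reports which IPs still have an `add` with no later `delete`. The line layout (`date` output, script path, action, user, IP, alert id, rule id) is an assumption about what the stock active-response scripts write, and the sample lines are constructed.

```python
import ipaddress

# Constructed sample lines. Assumed layout: `date` output, script path,
# action (add/delete), user, source IP, alert id, rule id.
SAMPLE_LOG = """\
Sun Jan 26 04:01:12 UTC 2014 /var/ossec/active-response/bin/host-deny.sh add - 203.0.113.7 1390708872.1201 5712
Sun Jan 26 04:01:12 UTC 2014 /var/ossec/active-response/bin/firewall-drop.sh add - 203.0.113.7 1390708872.1201 5712
Sun Jan 26 04:05:40 UTC 2014 /var/ossec/active-response/bin/firewall-drop.sh add - 198.51.100.23 1390709140.2210 5712
Sun Jan 26 04:11:12 UTC 2014 /var/ossec/active-response/bin/host-deny.sh delete - 203.0.113.7 1390708872.1201 5712
Sun Jan 26 04:11:12 UTC 2014 /var/ossec/active-response/bin/firewall-drop.sh delete - 203.0.113.7 1390708872.1201 5712
garbled line without an action
"""

def parse_line(line):
    """Return (script name, action, ip), or None if the line does not match."""
    tokens = line.split()
    # The date prefix varies with locale, so locate the action token instead.
    for i, tok in enumerate(tokens):
        if tok in ("add", "delete") and i >= 1 and i + 2 < len(tokens):
            try:
                ip = str(ipaddress.ip_address(tokens[i + 2]))
            except ValueError:
                return None
            return tokens[i - 1].rsplit("/", 1)[-1], tok, ip
    return None

def active_blocks(log_text):
    """Map each IP to the scripts that added a block and never removed it."""
    state = {}
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        script, action, ip = parsed
        scripts = state.setdefault(ip, set())
        if action == "add":
            scripts.add(script)
        else:
            scripts.discard(script)
    return {ip: s for ip, s in state.items() if s}

def is_blocked(log_text, ip):
    """Sorted list of scripts still blocking `ip` (empty list if none)."""
    return sorted(active_blocks(log_text).get(str(ipaddress.ip_address(ip)), ()))

if __name__ == "__main__":
    print(active_blocks(SAMPLE_LOG))
```

To run it against a real host, pass the contents of /var/ossec/logs/active-response.log as `log_text` together with the address you connect from.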
