Hello Folks,
I am wondering why active response on an OSSEC client which happens to
be an MS Windows 2008 Server is not being triggered. What is
frustrating is that it was working this morning while I was
troubleshooting it.
To start:
(1) The OSSEC server is properly configured:
OSSEC HIDS agen
The only idea I have is to stop the agent's ossec service, clear the
AR logfile, and start the service again.
On Mon, Sep 20, 2010 at 3:37 PM, blacklight wrote:
> Hello Folks,
>
> I am wondering why active response on an OSSEC client which happens to
> be an MS Windows 2008 Server is not being tr