If ASL blocks anything, it will log that action. Just log into the ASL GUI, set the level to 1, and type in the IP address into the Event: box in the Security Events window. This will tell you if ASL has alerted on anything, it may not have shunned it. If you do not see the IP listed at all, then ASL is not involved, if you do the IP continue reading.
If you want to find out if ASL is currently' blocking, shunning, or firewalling off an IP address, just click on the ASL tab, then then select Blocking. Any IP address that ASL is currently blocking will be listed in that window. If ASL is no longer blocking the IP, it will not show up in that window.
If you want to find if ASL blocked an IP in the past, you will find that information in this log file:
/var/ossec/logs/active-responses.log
If you have blacklisted an IP, then check the Blacklist window.
And if you are using the geoblocking features, check the Geoblocking window for the list of countries you have configured ASL to block.
Comments
0 comments
Please sign in to leave a comment.