[ossec: active response: add host] 
log 1 pass = Sat May  7 03:17:27 CDT 2011 /var/ossec/active-response/bin/host-deny.sh add - 172.16.0.1 1304756247.60385 31151
rule = 603
alert = 3
decoder = ar_log

[ossec: active response: add firewall] 
log 2 pass = Sat May  7 03:17:27 CDT 2011 /var/ossec/active-response/bin/firewall-drop.sh add - 172.16.0.1 1304756247.60385 31151
rule = 601
alert = 3
decoder = ar_log


[ossec: active response: delete host] 
log 3 pass = Sat May  7 03:27:57 CDT 2011 /var/ossec/active-response/bin/host-deny.sh delete - 172.16.0.1 1304756247.60385 31151
rule = 604
alert = 3
decoder = ar_log


[ossec: active response: delete firewall] 
log 4 pass = Sat May  7 03:27:57 CDT 2011 /var/ossec/active-response/bin/firewall-drop.sh delete - 172.16.0.1 1304756247.60385 31151

rule = 602
alert = 3
decoder = ar_log

[ossec-logcollector: ignore informational messages at startup]
log 1 pass = 2015/01/29 21:09:49 ossec-logcollector(1950): INFO: Analyzing file: '/var/log/httpd/error_log'.

rule = 701
alert = 0
decoder = ossec-logcollector

[agent started]
log 1 pass = ossec: Agent started: 'any'

rule = 501
alert = 3
decoder = ossec