+[ossec: active response: add host]
+log 1 pass = Sat May 7 03:17:27 CDT 2011 /var/ossec/active-response/bin/host-deny.sh add - 172.16.0.1 1304756247.60385 31151
+rule = 603
+alert = 3
+decoder = ar_log
+
+[ossec: active response: add firewall]
+log 2 pass = Sat May 7 03:17:27 CDT 2011 /var/ossec/active-response/bin/firewall-drop.sh add - 172.16.0.1 1304756247.60385 31151
+rule = 601
+alert = 3
+decoder = ar_log
+
+
+[ossec: active response: delete host]
+log 3 pass = Sat May 7 03:27:57 CDT 2011 /var/ossec/active-response/bin/host-deny.sh delete - 172.16.0.1 1304756247.60385 31151
+rule = 604
+alert = 3
+decoder = ar_log
+
+
+[ossec: active response: delete firewall]
+log 4 pass = Sat May 7 03:27:57 CDT 2011 /var/ossec/active-response/bin/firewall-drop.sh delete - 172.16.0.1 1304756247.60385 31151
+
+rule = 602
+alert = 3
+decoder = ar_log
+
+[ossec-logcollector: ignore informational messages at startup]
+log 1 pass = 2015/01/29 21:09:49 ossec-logcollector(1950): INFO: Analyzing file: '/var/log/httpd/error_log'.
+
+rule = 701
+alert = 0
+decoder = ossec-logcollector
+
+[agent started]
+log 1 pass = ossec: Agent started: 'any'
+
+rule = 501
+alert = 3
+decoder = ossec
+