Active response doesn't work

[hello1afk]

I am setting up some rules to test the ossec server attacked by flood syn from kali linux.
I have configure some rules in ossec.conf to help it defense when being attacked:

The active response litterally doesn't work, it doesn't alert sshd authentication fail or anything, and the server is litterally being attacked without any alert to me.
Any solutions to this problem? Appreciate for your replies.

[hello1afk]

https://documentation.wazuh.com/current/compliance/pci-dss/active-response.html

I use block of code in this link to conf (The github doesn't allow me to paste code )