Hello all
(sorry for my English again),
I downloaded the file http://www.ossec.net/files/snapshots/ossec-hids-060912.tar.gz and installed it, but now I have more problems. I installed the server on a machine that has two interfaces (internal and external). When I install the agent on an external machine, it always shows the message "Waiting for server reply (not started)." as in the logs below:

2006/09/14 09:49:29 ossec-agentd: Connecting to server (200.xxx.xxx.13:1514).
2006/09/14 09:49:29 ossec-execd: Started (pid: 14194).
2006/09/14 09:49:31 ossec-syscheckd: Started (pid: 14203).
2006/09/14 09:49:35 ossec-logcollector(1950): Analyzing file: '/var/log/messages'.
2006/09/14 09:49:35 ossec-logcollector(1950): Analyzing file: '/var/log/secure'.
2006/09/14 09:49:35 ossec-logcollector(1950): Analyzing file: '/var/log/syslog'.
2006/09/14 09:49:35 ossec-logcollector(1950): Analyzing file: '/var/log/xferlog'.
2006/09/14 09:49:35 ossec-logcollector(1950): Analyzing file: '/var/log/proftpd.log'.
2006/09/14 09:49:35 ossec-logcollector(1950): Analyzing file: '/var/log/radius.log'.
2006/09/14 09:49:35 ossec-logcollector(1950): Analyzing file: '/var/log/maillog'.
2006/09/14 09:49:35 ossec-logcollector(1950): Analyzing file: '/var/log/apache/error_log'.
2006/09/14 09:49:35 ossec-logcollector(1950): Analyzing file: '/var/log/apache/access_log'.
2006/09/14 09:49:35 ossec-logcollector: Started (pid: 14199).
2006/09/14 09:49:45 ossec-agentd(4101): Waiting for server reply (not started).
2006/09/14 09:50:01 ossec-agentd(4101): Waiting for server reply (not started).
2006/09/14 09:50:32 ossec-agentd(4101): Waiting for server reply (not started).
2006/09/14 09:51:18 ossec-agentd(4101): Waiting for server reply (not started).
2006/09/14 09:52:19 ossec-agentd(4101): Waiting for server reply (not started).
2006/09/14 09:53:35 ossec-agentd(4101): Waiting for server reply (not started).
2006/09/14 09:55:06 ossec-agentd(4101): Waiting for server reply (not started).
2006/09/14 09:56:52 ossec-agentd(4101): Waiting for server reply (not started).
2006/09/14 09:58:53 ossec-agentd(4101): Waiting for server reply (not started).

When I install the agent on an internal machine, the server responds, but when I simulate a brute-force SSH attack it doesn't work properly... the errors are shown below (invalid command and unable to open file (it does not exist in this folder))...

2006/09/14 09:51:54 ossec-agentd: Connecting to server (192.168.1.1:1514).
2006/09/14 09:51:56 ossec-syscheckd: Started (pid: 11609).
2006/09/14 09:52:00 ossec-logcollector(1950): Analyzing file: '/var/log/messages'.
2006/09/14 09:52:00 ossec-logcollector(1950): Analyzing file: '/var/log/secure'.
2006/09/14 09:52:00 ossec-logcollector(1950): Analyzing file: '/var/log/syslog'.
2006/09/14 09:52:00 ossec-logcollector(1950): Analyzing file: '/var/log/xferlog'.
2006/09/14 09:52:00 ossec-logcollector(1950): Analyzing file: '/var/log/proftpd.log'.
2006/09/14 09:52:00 ossec-logcollector(1950): Analyzing file: '/var/log/maillog'.
2006/09/14 09:52:00 ossec-logcollector: Started (pid: 11608).
2006/09/14 09:52:09 ossec-agentd(4101): Waiting for server reply (not started).
2006/09/14 09:52:25 ossec-agentd(4101): Waiting for server reply (not started).
2006/09/14 09:52:42 ossec-agentd(4102): Connected to the server.
2006/09/14 09:52:42 ossec-agentd: Server unavailable. Setting lock.
2006/09/14 09:52:45 ossec-agentd: Server responded. Releasing lock.
2006/09/14 09:53:35 ossec-execd(1103): Unable to open file '/var/ossec/etc/shared/ar.conf'.
2006/09/14 09:53:35 ossec-execd(1311): Invalid command name 'host-deny600' provided.
2006/09/14 09:53:35 ossec-execd(1103): Unable to open file '/var/ossec/etc/shared/ar.conf'.
2006/09/14 09:53:35 ossec-execd(1311): Invalid command name 'firewall-drop600' provided.

Any suggestions?

Many thanks,

-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-
Amauri Tiago Marx
Coordenadoria de Tecnologia da Informação e Comunicação, Ctic
Universidade do Oeste de Santa Catarina, Unoesc
Campus de São Miguel do Oeste
www.unoescsmo.edu.br
-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-

- [ossec-list] Other problems Amauri Tiago Marx
- [ossec-list] Re: Other problems Daniel Cid
