On Thu, May 11, 2017 at 5:18 AM, Akash Munjal <akashmunjal...@gmail.com> wrote: > > Hi All, > > I can not receive alert from this agent(ID:1024). When i check the status it > look like this. > > Please help me out. > > > /var/ossec/bin/agent_control -i 1024 > > OSSEC HIDS agent_control. Agent information: > Agent ID: 1024 > Agent Name: MMTC_UAT_APP1_X.X.X.X > IP address: any/any > Status: Never connected > > Operating system: Unknown > Client version: Unknown > Last keep alive: Unknown > > Syscheck last started at: Unknown > Rootcheck last started at: Unknown > >
You can use tcpdump or a similar sniffing program to see if there is traffic between the systems (ossec server and agent). Restart the ossec server in debug mode (`/var/ossec/bin/ossec-control enable debug && /var/ossec/bin/ossec-control restart`) and check the ossec.log for details. > Warm Regards. > Akashdeep Munjal > > -- > > --- > You received this message because you are subscribed to the Google Groups > "ossec-list" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to ossec-list+unsubscr...@googlegroups.com. > For more options, visit https://groups.google.com/d/optout. -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.