On Sat, May 27, 2017 at 5:39 PM, Руслан Аминджанов <thetechnic...@gmail.com> wrote:
> Fully reinstalled system and got a new problem: still agents not connecting
> but now even if I send messages to ossec-remoted via netcat there are no
> entities in log. Checked via netstat and ossec-remoted is listening.
>
Turn on debug mode on the manager (`/var/ossec/bin/ossec-control enable debug`), restart OSSEC (`/var/ossec/bin/ossec-control restart`), and try again.

> On Monday, April 17, 2017 at 18:01:44 UTC+5:45, Руслан Аминджанов wrote:
>>
>> I am reinstalling system right now but it looks like this was the issue.
>> Thank you very much!
>>
>> On Monday, April 17, 2017 at 7:01:29 UTC+5:45, Victor Fernandez wrote:
>>>
>>> Hi,
>>>
>>> have you more than one network interface on your manager? I see your
>>> tcpdump log a bit unusual:
>>>
>>> 00:58:11.619862 IP 10.2.2.3.43453 > 10.2.2.12.fujitsu-dtcns: UDP, length 73
>>> 00:58:11.620415 IP 10.2.2.13.fujitsu-dtcns > 10.2.2.3.43453: UDP, length 73
>>>
>>> It seems that the manager is responding (probably an ACK message) but it
>>> is doing it from a different IP (10.2.2.13 instead of 10.2.2.12).
>>>
>>> Do you see any error at /var/ossec/log/ossec.log at the agent?
>>>
>>> Best regards.
>>>
>>> On Sat, Apr 15, 2017 at 11:59 PM, Kat <uncom...@gmail.com> wrote:
>>>>
>>>> It really sounds like you are missing a step -- perhaps post the steps
>>>> you do for the install, adding an agent etc, showing the commands and
>>>> results. We need something more to help you.
>>>>
>>>> Kat
>>>>
>>>> On Thursday, April 13, 2017 at 5:24:32 PM UTC-5, Руслан Аминджанов
>>>> wrote:
>>>>>
>>>>> Hello!
>>>>> I installed OSSEC server and client on 2 hosts, however the agent showed as
>>>>> "Never connected". There is no firewall between these hosts and if I use
>>>>> netcat to connect to server its log shows that message is not properly
>>>>> formatted.
>>>>>
>>>>> Output of tcpdump:
>>>>>
>>>>> 00:58:11.619862 IP 10.2.2.3.43453 > 10.2.2.12.fujitsu-dtcns: UDP, length 73
>>>>> 00:58:11.620415 IP 10.2.2.13.fujitsu-dtcns > 10.2.2.3.43453: UDP, length 73
>>>>> 00:58:15.620201 IP 10.2.2.3.43453 > 10.2.2.12.fujitsu-dtcns: UDP, length 73
>>>>> 00:58:15.620618 IP 10.2.2.13.fujitsu-dtcns > 10.2.2.3.43453: UDP, length 73
>>>>> 00:58:20.620619 IP 10.2.2.3.43453 > 10.2.2.12.fujitsu-dtcns: UDP, length 73
>>>>> 00:58:20.621167 IP 10.2.2.13.fujitsu-dtcns > 10.2.2.3.43453: UDP, length 73
>>>>> 00:58:26.621162 IP 10.2.2.3.43453 > 10.2.2.12.fujitsu-dtcns: UDP, length 73
>>>>> 00:58:26.621703 IP 10.2.2.13.fujitsu-dtcns > 10.2.2.3.43453: UDP, length 73
>>>>
>>>> --
>>>>
>>>> ---
>>>> You received this message because you are subscribed to the Google
>>>> Groups "ossec-list" group.
>>>> To unsubscribe from this group and stop receiving emails from it, send
>>>> an email to ossec-list+...@googlegroups.com.
>>>> For more options, visit https://groups.google.com/d/optout.
>>>
>>> --
>>> Victor M. Fernandez-Castro
>>> IT Security Engineer
>>> Wazuh Inc.
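
The reply-source mismatch pointed out in the quoted tcpdump capture (request sent to 10.2.2.12, answer coming back from 10.2.2.13) can be checked mechanically. The following is an added example, not part of the original thread and not OSSEC code: it pairs each UDP request with its reply and flags replies whose source address differs from the address the request was sent to. The function names are hypothetical, and the sample input is the first two lines of the capture quoted above.

```python
import re

# tcpdump one-line UDP format, as in the capture quoted in this thread:
#   HH:MM:SS.us IP src.port > dst.port: UDP, length N
LINE_RE = re.compile(
    r"^(?P<ts>\S+) IP (?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>[\w-]+) > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>[\w-]+): UDP, length (?P<len>\d+)$"
)

def parse(lines):
    """Yield one dict per UDP line; lines in any other format are skipped."""
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:
            yield m.groupdict()

def find_source_mismatches(lines):
    """Return (request, reply) pairs where the reply left from another IP.

    A reply is a packet going back to a known requester (same client IP and
    port, same service port). If its source differs from the address the
    request was sent to, a client that only accepts answers from the address
    it sent to will not see it as an answer.
    """
    pending = {}      # (client_ip, client_port, service_port) -> request
    mismatches = []
    for pkt in parse(lines):
        reply_key = (pkt["dst"], pkt["dport"], pkt["sport"])
        req = pending.get(reply_key)
        if req is None:
            # Not a reply to anything seen so far: record it as a request.
            pending[(pkt["src"], pkt["sport"], pkt["dport"])] = pkt
        elif pkt["src"] != req["dst"]:
            mismatches.append((req, pkt))
    return mismatches

# First two lines of the capture quoted in the thread.
CAPTURE = """\
00:58:11.619862 IP 10.2.2.3.43453 > 10.2.2.12.fujitsu-dtcns: UDP, length 73
00:58:11.620415 IP 10.2.2.13.fujitsu-dtcns > 10.2.2.3.43453: UDP, length 73
""".splitlines()

if __name__ == "__main__":
    for req, rep in find_source_mismatches(CAPTURE):
        print(f"{rep['ts']}: request sent to {req['dst']}, "
              f"reply came from {rep['src']}")
```
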