Re: [ossec-list] Re: OSSEC Agent not works

2017-05-28 Thread Руслан Аминджанов 
Still nothing.
https://0bin.net/paste/7rMT6xDrnBLdjAZd#HIJmfdpKt4bnGmgsV30SdbywkXSi0-pnzZ7UXZBDffw

суббота, 27 мая 2017 г., 22:38:13 UTC+5 пользователь dan (ddpbsd) написал:
>
> On Sat, May 27, 2017 at 5:39 PM, Руслан Аминджанов 
>  wrote: 
> > Fully reinstalled system and got a new problem: still agents not 
> connecting 
> > but now event if I send messages to ossec-remoted via netcat there is no 
> > entities in log. Checked via netstat and ossec-remoted is listening. 
> > 
>
> Turn on debug mode on the manager (`/var/ossec/bin/ossec-control 
> enable debug`), restart OSSEC (`/var/ossec/bin/ossec-control 
> restart`), and try again. 
>
> > понедельник, 17 апреля 2017 г., 18:01:44 UTC+5:45 пользователь Руслан 
> > Аминджанов написал: 
> >> 
> >> I am reinstalling system right now but it looks like this was the 
> issue. 
> >> Thank you very much! 
> >> 
> >> понедельник, 17 апреля 2017 г., 7:01:29 UTC+5:45 пользователь Victor 
> >> Fernandez написал: 
> >>> 
> >>> Hi, 
> >>> 
> >>> have you more than one network interface on your manager? I see your 
> >>> tcpdump log a bit unusual: 
> >>> 
> >>> 00:58:11.619862 IP 10.2.2.3.43453 > 10.2.2.12.fujitsu-dtcns: UDP, 
> length 
> >>> 73 
> >>> 00:58:11.620415 IP 10.2.2.13.fujitsu-dtcns > 10.2.2.3.43453: UDP, 
> length 
> >>> 73 
> >>> 
> >>> 
> >>> It seems that the manager is responding (probably an ACK message) but 
> it 
> >>> is doing it from a different IP (10.2.2.13 instead of 10.2.2.12). 
> >>> 
> >>> Do you see any error at /var/ossec/log/ossec.log at the agent? 
> >>> 
> >>> Best regards. 
> >>> 
> >>> On Sat, Apr 15, 2017 at 11:59 PM, Kat  wrote: 
>  
>  It really sounds like you are missing a step -- perhaps post the 
> steps 
>  you do for the install, adding an agent etc, showing the commands and 
>  results. We need something more to help you. 
>  
>  Kat 
>  
>  
>  On Thursday, April 13, 2017 at 5:24:32 PM UTC-5, Руслан Аминджанов 
>  wrote: 
> > 
> > Hello! 
> > I installed OSSEC server and client on 2 hosts whoever agent showed 
> as 
> > "Never connected". There is no firewall between these hosts and if I 
> use 
> > netcat to connect to server It log shows that message is not 
> properly 
> > formated. 
> > Output of tcpdump: 
> > 
> > 00:58:11.619862 IP 10.2.2.3.43453 > 10.2.2.12.fujitsu-dtcns: UDP, 
> > length 73 
> > 
> > 00:58:11.620415 IP 10.2.2.13.fujitsu-dtcns > 10.2.2.3.43453: UDP, 
> > length 73 
> > 
> > 00:58:15.620201 IP 10.2.2.3.43453 > 10.2.2.12.fujitsu-dtcns: UDP, 
> > length 73 
> > 
> > 00:58:15.620618 IP 10.2.2.13.fujitsu-dtcns > 10.2.2.3.43453: UDP, 
> > length 73 
> > 
> > 00:58:20.620619 IP 10.2.2.3.43453 > 10.2.2.12.fujitsu-dtcns: UDP, 
> > length 73 
> > 
> > 00:58:20.621167 IP 10.2.2.13.fujitsu-dtcns > 10.2.2.3.43453: UDP, 
> > length 73 
> > 
> > 00:58:26.621162 IP 10.2.2.3.43453 > 10.2.2.12.fujitsu-dtcns: UDP, 
> > length 73 
> > 
> > 00:58:26.621703 IP 10.2.2.13.fujitsu-dtcns > 10.2.2.3.43453: UDP, 
> > length 73 
>  
>  -- 
>  
>  --- 
>  You received this message because you are subscribed to the Google 
>  Groups "ossec-list" group. 
>  To unsubscribe from this group and stop receiving emails from it, 
> send 
>  an email to ossec-list+...@googlegroups.com. 
>  For more options, visit https://groups.google.com/d/optout. 
> >>> 
> >>> 
> >>> 
> >>> 
> >>> -- 
> >>> Victor M. Fernandez-Castro 
> >>> IT Security Engineer 
> >>> Wazuh Inc. 
> > 
> > -- 
> > 
> > --- 
> > You received this message because you are subscribed to the Google 
> Groups 
> > "ossec-list" group. 
> > To unsubscribe from this group and stop receiving emails from it, send 
> an 
> > email to ossec-list+...@googlegroups.com . 
> > For more options, visit https://groups.google.com/d/optout. 
>

-- 

--- 
You received this message because you are subscribed to the Google Groups 
"ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ossec-list+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ossec-list] Re: OSSEC Agent not works

2017-05-27 Thread dan (ddp) 
On Sat, May 27, 2017 at 5:39 PM, Руслан Аминджанов
 wrote:
> Fully reinstalled system and got a new problem: still agents not connecting
> but now event if I send messages to ossec-remoted via netcat there is no
> entities in log. Checked via netstat and ossec-remoted is listening.
>

Turn on debug mode on the manager (`/var/ossec/bin/ossec-control
enable debug`), restart OSSEC (`/var/ossec/bin/ossec-control
restart`), and try again.

> понедельник, 17 апреля 2017 г., 18:01:44 UTC+5:45 пользователь Руслан
> Аминджанов написал:
>>
>> I am reinstalling system right now but it looks like this was the issue.
>> Thank you very much!
>>
>> понедельник, 17 апреля 2017 г., 7:01:29 UTC+5:45 пользователь Victor
>> Fernandez написал:
>>>
>>> Hi,
>>>
>>> have you more than one network interface on your manager? I see your
>>> tcpdump log a bit unusual:
>>>
>>> 00:58:11.619862 IP 10.2.2.3.43453 > 10.2.2.12.fujitsu-dtcns: UDP, length
>>> 73
>>> 00:58:11.620415 IP 10.2.2.13.fujitsu-dtcns > 10.2.2.3.43453: UDP, length
>>> 73
>>>
>>>
>>> It seems that the manager is responding (probably an ACK message) but it
>>> is doing it from a different IP (10.2.2.13 instead of 10.2.2.12).
>>>
>>> Do you see any error at /var/ossec/log/ossec.log at the agent?
>>>
>>> Best regards.
>>>
>>> On Sat, Apr 15, 2017 at 11:59 PM, Kat  wrote:

 It really sounds like you are missing a step -- perhaps post the steps
 you do for the install, adding an agent etc, showing the commands and
 results. We need something more to help you.

 Kat


 On Thursday, April 13, 2017 at 5:24:32 PM UTC-5, Руслан Аминджанов
 wrote:
>
> Hello!
> I installed OSSEC server and client on 2 hosts whoever agent showed as
> "Never connected". There is no firewall between these hosts and if I use
> netcat to connect to server It log shows that message is not properly
> formated.
> Output of tcpdump:
>
> 00:58:11.619862 IP 10.2.2.3.43453 > 10.2.2.12.fujitsu-dtcns: UDP,
> length 73
>
> 00:58:11.620415 IP 10.2.2.13.fujitsu-dtcns > 10.2.2.3.43453: UDP,
> length 73
>
> 00:58:15.620201 IP 10.2.2.3.43453 > 10.2.2.12.fujitsu-dtcns: UDP,
> length 73
>
> 00:58:15.620618 IP 10.2.2.13.fujitsu-dtcns > 10.2.2.3.43453: UDP,
> length 73
>
> 00:58:20.620619 IP 10.2.2.3.43453 > 10.2.2.12.fujitsu-dtcns: UDP,
> length 73
>
> 00:58:20.621167 IP 10.2.2.13.fujitsu-dtcns > 10.2.2.3.43453: UDP,
> length 73
>
> 00:58:26.621162 IP 10.2.2.3.43453 > 10.2.2.12.fujitsu-dtcns: UDP,
> length 73
>
> 00:58:26.621703 IP 10.2.2.13.fujitsu-dtcns > 10.2.2.3.43453: UDP,
> length 73

 --

 ---
 You received this message because you are subscribed to the Google
 Groups "ossec-list" group.
 To unsubscribe from this group and stop receiving emails from it, send
 an email to ossec-list+...@googlegroups.com.
 For more options, visit https://groups.google.com/d/optout.
>>>
>>>
>>>
>>>
>>> --
>>> Victor M. Fernandez-Castro
>>> IT Security Engineer
>>> Wazuh Inc.
>
> --
>
> ---
> You received this message because you are subscribed to the Google Groups
> "ossec-list" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ossec-list+unsubscr...@googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.

-- 

--- 
You received this message because you are subscribed to the Google Groups 
"ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ossec-list+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ossec-list] Re: OSSEC Agent not works

2017-05-27 Thread Руслан Аминджанов 
Fully reinstalled system and got a new problem: still agents not connecting 
but now event if I send messages to ossec-remoted via netcat there is no 
entities in log. Checked via netstat and ossec-remoted is listening.

понедельник, 17 апреля 2017 г., 18:01:44 UTC+5:45 пользователь Руслан 
Аминджанов написал:
>
> I am reinstalling system right now but it looks like this was the issue. 
> Thank you very much!
>
> понедельник, 17 апреля 2017 г., 7:01:29 UTC+5:45 пользователь Victor 
> Fernandez написал:
>>
>> Hi,
>>
>> have you more than one network interface on your manager? I see your 
>> tcpdump log a bit unusual:
>>
>> 00:58:11.619862 IP 10.2.2.3.43453 > *10.2.2.12*.fujitsu-dtcns: UDP, 
>> length 73
>> 00:58:11.620415 IP *10.2.2.13*.fujitsu-dtcns > 10.2.2.3.43453: UDP, 
>> length 73
>>
>>
>> It seems that the manager is responding (probably an ACK message) but it 
>> is doing it from a different IP (10.2.2.13 instead of 10.2.2.12).
>>
>> Do you see any error at /var/ossec/log/ossec.log at the agent?
>>
>> Best regards. 
>>
>> On Sat, Apr 15, 2017 at 11:59 PM, Kat  wrote:
>>
>>> It really sounds like you are missing a step -- perhaps post the steps 
>>> you do for the install, adding an agent etc, showing the commands and 
>>> results. We need something more to help you. 
>>>
>>> Kat
>>>
>>>
>>> On Thursday, April 13, 2017 at 5:24:32 PM UTC-5, Руслан Аминджанов wrote:

 Hello!
 I installed OSSEC server and client on 2 hosts whoever agent showed as 
 "Never connected". There is no firewall between these hosts and if I use 
 netcat to connect to server It log shows that message is not properly 
 formated.
 Output of tcpdump:

 00:58:11.619862 IP 10.2.2.3.43453 > 10.2.2.12.fujitsu-dtcns: UDP, 
 length 73

 00:58:11.620415 IP 10.2.2.13.fujitsu-dtcns > 10.2.2.3.43453: UDP, 
 length 73

 00:58:15.620201 IP 10.2.2.3.43453 > 10.2.2.12.fujitsu-dtcns: UDP, 
 length 73

 00:58:15.620618 IP 10.2.2.13.fujitsu-dtcns > 10.2.2.3.43453: UDP, 
 length 73

 00:58:20.620619 IP 10.2.2.3.43453 > 10.2.2.12.fujitsu-dtcns: UDP, 
 length 73

 00:58:20.621167 IP 10.2.2.13.fujitsu-dtcns > 10.2.2.3.43453: UDP, 
 length 73

 00:58:26.621162 IP 10.2.2.3.43453 > 10.2.2.12.fujitsu-dtcns: UDP, 
 length 73

 00:58:26.621703 IP 10.2.2.13.fujitsu-dtcns > 10.2.2.3.43453: UDP, 
 length 73

>>> -- 
>>>
>>> --- 
>>> You received this message because you are subscribed to the Google 
>>> Groups "ossec-list" group.
>>> To unsubscribe from this group and stop receiving emails from it, send 
>>> an email to ossec-list+...@googlegroups.com.
>>> For more options, visit https://groups.google.com/d/optout.
>>>
>>
>>
>>
>> -- 
>> Victor M. Fernandez-Castro
>> IT Security Engineer
>> Wazuh Inc.
>>
>

-- 

--- 
You received this message because you are subscribed to the Google Groups 
"ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ossec-list+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ossec-list] Re: OSSEC Agent not works

2017-04-17 Thread Руслан Аминджанов 
I am reinstalling system right now but it looks like this was the issue. 
Thank you very much!

понедельник, 17 апреля 2017 г., 7:01:29 UTC+5:45 пользователь Victor 
Fernandez написал:
>
> Hi,
>
> have you more than one network interface on your manager? I see your 
> tcpdump log a bit unusual:
>
> 00:58:11.619862 IP 10.2.2.3.43453 > *10.2.2.12*.fujitsu-dtcns: UDP, 
> length 73
> 00:58:11.620415 IP *10.2.2.13*.fujitsu-dtcns > 10.2.2.3.43453: UDP, 
> length 73
>
>
> It seems that the manager is responding (probably an ACK message) but it 
> is doing it from a different IP (10.2.2.13 instead of 10.2.2.12).
>
> Do you see any error at /var/ossec/log/ossec.log at the agent?
>
> Best regards. 
>
> On Sat, Apr 15, 2017 at 11:59 PM, Kat  
> wrote:
>
>> It really sounds like you are missing a step -- perhaps post the steps 
>> you do for the install, adding an agent etc, showing the commands and 
>> results. We need something more to help you. 
>>
>> Kat
>>
>>
>> On Thursday, April 13, 2017 at 5:24:32 PM UTC-5, Руслан Аминджанов wrote:
>>>
>>> Hello!
>>> I installed OSSEC server and client on 2 hosts whoever agent showed as 
>>> "Never connected". There is no firewall between these hosts and if I use 
>>> netcat to connect to server It log shows that message is not properly 
>>> formated.
>>> Output of tcpdump:
>>>
>>> 00:58:11.619862 IP 10.2.2.3.43453 > 10.2.2.12.fujitsu-dtcns: UDP, length 
>>> 73
>>>
>>> 00:58:11.620415 IP 10.2.2.13.fujitsu-dtcns > 10.2.2.3.43453: UDP, length 
>>> 73
>>>
>>> 00:58:15.620201 IP 10.2.2.3.43453 > 10.2.2.12.fujitsu-dtcns: UDP, length 
>>> 73
>>>
>>> 00:58:15.620618 IP 10.2.2.13.fujitsu-dtcns > 10.2.2.3.43453: UDP, length 
>>> 73
>>>
>>> 00:58:20.620619 IP 10.2.2.3.43453 > 10.2.2.12.fujitsu-dtcns: UDP, length 
>>> 73
>>>
>>> 00:58:20.621167 IP 10.2.2.13.fujitsu-dtcns > 10.2.2.3.43453: UDP, length 
>>> 73
>>>
>>> 00:58:26.621162 IP 10.2.2.3.43453 > 10.2.2.12.fujitsu-dtcns: UDP, length 
>>> 73
>>>
>>> 00:58:26.621703 IP 10.2.2.13.fujitsu-dtcns > 10.2.2.3.43453: UDP, length 
>>> 73
>>>
>> -- 
>>
>> --- 
>> You received this message because you are subscribed to the Google Groups 
>> "ossec-list" group.
>> To unsubscribe from this group and stop receiving emails from it, send an 
>> email to ossec-list+...@googlegroups.com .
>> For more options, visit https://groups.google.com/d/optout.
>>
>
>
>
> -- 
> Victor M. Fernandez-Castro
> IT Security Engineer
> Wazuh Inc.
>

-- 

--- 
You received this message because you are subscribed to the Google Groups 
"ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ossec-list+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ossec-list] Re: OSSEC Agent not works

2017-04-17 Thread Victor Fernandez 
Hi,

have you more than one network interface on your manager? I see your tcpdump
log a bit unusual:

00:58:11.619862 IP 10.2.2.3.43453 > *10.2.2.12*.fujitsu-dtcns: UDP, length
73
00:58:11.620415 IP *10.2.2.13*.fujitsu-dtcns > 10.2.2.3.43453: UDP, length
73


It seems that the manager is responding (probably an ACK message) but it is
doing it from a different IP (10.2.2.13 instead of 10.2.2.12).

Do you see any error at /var/ossec/log/ossec.log at the agent?

Best regards.

On Sat, Apr 15, 2017 at 11:59 PM, Kat  wrote:

> It really sounds like you are missing a step -- perhaps post the steps you
> do for the install, adding an agent etc, showing the commands and results.
> We need something more to help you.
>
> Kat
>
>
> On Thursday, April 13, 2017 at 5:24:32 PM UTC-5, Руслан Аминджанов wrote:
>>
>> Hello!
>> I installed OSSEC server and client on 2 hosts whoever agent showed as
>> "Never connected". There is no firewall between these hosts and if I use
>> netcat to connect to server It log shows that message is not properly
>> formated.
>> Output of tcpdump:
>>
>> 00:58:11.619862 IP 10.2.2.3.43453 > 10.2.2.12.fujitsu-dtcns: UDP, length
>> 73
>>
>> 00:58:11.620415 IP 10.2.2.13.fujitsu-dtcns > 10.2.2.3.43453: UDP, length
>> 73
>>
>> 00:58:15.620201 IP 10.2.2.3.43453 > 10.2.2.12.fujitsu-dtcns: UDP, length
>> 73
>>
>> 00:58:15.620618 IP 10.2.2.13.fujitsu-dtcns > 10.2.2.3.43453: UDP, length
>> 73
>>
>> 00:58:20.620619 IP 10.2.2.3.43453 > 10.2.2.12.fujitsu-dtcns: UDP, length
>> 73
>>
>> 00:58:20.621167 IP 10.2.2.13.fujitsu-dtcns > 10.2.2.3.43453: UDP, length
>> 73
>>
>> 00:58:26.621162 IP 10.2.2.3.43453 > 10.2.2.12.fujitsu-dtcns: UDP, length
>> 73
>>
>> 00:58:26.621703 IP 10.2.2.13.fujitsu-dtcns > 10.2.2.3.43453: UDP, length
>> 73
>>
> --
>
> ---
> You received this message because you are subscribed to the Google Groups
> "ossec-list" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ossec-list+unsubscr...@googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.
>



-- 
Victor M. Fernandez-Castro
IT Security Engineer
Wazuh Inc.

-- 

--- 
You received this message because you are subscribed to the Google Groups 
"ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ossec-list+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ossec-list] Re: OSSEC Agent not works

2017-04-15 Thread Kat 
It really sounds like you are missing a step -- perhaps post the steps you 
do for the install, adding an agent etc, showing the commands and results. 
We need something more to help you. 

Kat

On Thursday, April 13, 2017 at 5:24:32 PM UTC-5, Руслан Аминджанов wrote:
>
> Hello!
> I installed OSSEC server and client on 2 hosts whoever agent showed as 
> "Never connected". There is no firewall between these hosts and if I use 
> netcat to connect to server It log shows that message is not properly 
> formated.
> Output of tcpdump:
>
> 00:58:11.619862 IP 10.2.2.3.43453 > 10.2.2.12.fujitsu-dtcns: UDP, length 73
>
> 00:58:11.620415 IP 10.2.2.13.fujitsu-dtcns > 10.2.2.3.43453: UDP, length 73
>
> 00:58:15.620201 IP 10.2.2.3.43453 > 10.2.2.12.fujitsu-dtcns: UDP, length 73
>
> 00:58:15.620618 IP 10.2.2.13.fujitsu-dtcns > 10.2.2.3.43453: UDP, length 73
>
> 00:58:20.620619 IP 10.2.2.3.43453 > 10.2.2.12.fujitsu-dtcns: UDP, length 73
>
> 00:58:20.621167 IP 10.2.2.13.fujitsu-dtcns > 10.2.2.3.43453: UDP, length 73
>
> 00:58:26.621162 IP 10.2.2.3.43453 > 10.2.2.12.fujitsu-dtcns: UDP, length 73
>
> 00:58:26.621703 IP 10.2.2.13.fujitsu-dtcns > 10.2.2.3.43453: UDP, length 73
>

-- 

--- 
You received this message because you are subscribed to the Google Groups 
"ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ossec-list+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.