I have searched through the listings and the internet and cannot seem to
find a solution to this issue.
We have approximately 3200 computers (Windows 7) that we are trying to get
configured with OSSEC. The agent is part of the image that we are rolling
out to the machines. All the machines ha
m32/regsvr32.exe'.
2014/10/12 17:07:10 ossec-agent: INFO: Monitoring directory:
'C:\Windows/System32/rexec.exe'.
2014/10/12 17:07:10 ossec-agent: INFO: Monitoring directory:
'C:\Windows/System32/rsh.exe'.
2014/10/12 17:07:10 ossec-agent: INFO: Monitoring directory:
Yes, removed all rid files before restarting the server
On Monday, October 13, 2014 7:04:41 AM UTC-5, Antonio Querubin wrote:
>
> On Sun, 12 Oct 2014, David Masters wrote:
>
> > Ok...here is the log file from a freshly installed agent (shutdown ossec
> > server, removed
> ossec-control into debug on the server and look for errors such as "not
> allowed" and so forth
>
> On Monday, October 13, 2014 8:04:41 AM UTC-4, Antonio Querubin wrote:
>>
>> On Sun, 12 Oct 2014, David Masters wrote:
>>
>> > Ok...here is the log file from a freshly installed agent (shutdown
>> ossec
>> > server, r
any'.
On Sunday, October 12, 2014 5:36:07 AM UTC-5, dan (ddpbsd) wrote:
>
>
> On Oct 12, 2014 6:28 AM, "David Masters" > wrote:
> >
> > I have searched through the listings and the internet and cannot seem to
> find a solution to this issue.
> >
>
not possible, I would like to know this as soon as possible so
that we can find a different solution for our IPS/IDS/FIM system.
Thank you.
On Monday, October 13, 2014 10:33:59 AM UTC-5, dan (ddpbsd) wrote:
>
> On Mon, Oct 13, 2014 at 11:21 AM, David Masters
> > wrote:
> > 201
>
>
>
> *From:* ossec...@googlegroups.com [mailto:
> ossec...@googlegroups.com ] *On Behalf Of *David Masters
> *Sent:* Monday, October 13, 2014 9:19 AM
> *To:* ossec...@googlegroups.com
> *Subject:* Re: [ossec-list] Windows agents not connecting to OSSEC server
>
>
make sure the ossec-server is keeping up.
>
> Has any of this helped you sir?
>
> On Monday, October 13, 2014 3:47:12 PM UTC-4, David Masters wrote:
>>
>> I am acquiring the keys originally from the server (cat client.keys) then
>> copying that information directly f
rget, move the agent over and attempt to run the agent
> with the creds provided and I don't do batches larger than 100 at a time
> just to make sure the ossec-server is keeping up.
>
> Has any of this helped you sir?
>
> On Monday, October 13, 2014 3:47:12 PM UTC-4, David Mas
has to be installed as local admin or domain admin,
> else UAC kind of kills the application.
>
> Grant Leonard
> Castra Consulting, LLC <http://castraconsulting.com/#/>
> 919-949-4002
>
> On Mon, Oct 13, 2014 at 6:55 PM, David Masters > wrote:
>
>> This is wha
e command is sound, I just don't know what your OS looks like
>
> SO
>
> tcpdump -i host this with the IP of the sending Win7 platform> and port 1514 -vvv
>
> Make sense?
>
> Grant Leonard
> Castra Consulting, LLC <http://castraconsulting.com/#/>
> 919-949-4002
haracters/line breaks/carriage returns present.
On Monday, October 13, 2014 7:43:26 PM UTC-5, Michael Starks wrote:
>
> On 10/13/2014 11:18 AM, David Masters wrote:
> > The whole purpose of this exercise is to not have to go to each
> > individual machine to input the key and co
040 > fri-security1.247intouchpci.local.1514: [udp sum
ok] UDP, length 78
11:05:37.609694 IP (tos 0x0, ttl 127, id 8114, offset 0, flags [DF], proto
UDP (17), length 106)
10.50.102.17.63040 > fri-security1.247intouchpci.local.1514: [udp sum
ok] UDP, length 78
On Monday, October 13, 2014 7:54:13 PM UTC-5, Davi
?
On Sunday, October 12, 2014 4:34:03 AM UTC-5, David Masters wrote:
>
> I have searched through the listings and the internet and cannot seem to
> find a solution to this issue.
>
> We have approximately 3200 computers (Windows 7) that we are trying to get
> configured with OS