Could you paste ifconfig and netstat output (feel free to anonymize any
data if needed)? At this point I don't know what the issue could be but
this info may help.
On Thu, Apr 10, 2014 at 8:32 AM, Devendra Agarwal <
devendra.agra...@gmail.com> wrote:
No firewall (hardware or software) is involved, and tcpdump does not show any
communication between client and server. As soon as I install it on a
server that doesn't have network bonding/teaming configured (even with
multiple IPs), the issue doesn't happen.
On Thursday, 10 April 2014 11:29:39 UTC-4,
Could you check on the server with tcpdump if there is any traffic sent
from the agent and, in case there is, what IP is being used? I know you did
it with netstat but there could be other factors involved (maybe
firewalls...)
On Thu, Apr 10, 2014 at 8:05 AM, Binet, Valere (NIH/NIA/IRP) [C] <
b
Below is a snippet from the logs.
2014/04/10 09:08:52 ossec-logcollector(1950): INFO: Analyzing file:
'/var/log/messages'.
2014/04/10 09:08:52 ossec-logcollector(1950): INFO: Analyzing file:
'/var/log/secure'.
2014/04/10 09:08:52 ossec-logcollector(1950): INFO: Analyzing file:
'/var/log/maillog'.
20
What do the logs say?
They should be in /var/ossec/logs
Valère Binet [C]
IT Security Administrator
Kelly Government Solutions On-Site at the NIH
NIH / NIA / IRP
Tel : 410 558 8013
mailto: bin...@nia.nih.gov
Hi Santiago,
Thanks for the response. The system does have 2 IPs. I have verified with
netstat that ossec binds to the correct IP. There is no communication shown in
the output of tcpdump on either IP. In every case where it fails, that server
has NIC bonding (teaming) set up. I am wondering if I need to
Hi Devendra,
does your system have multiple IP addresses? Is there any other agent
connected to the server?
I have experienced issues with systems running multiple IP addresses. If
that is the case I would recommend checking with tcpdump which one
the agent uses to send data to the se
I installed the ossec-hids-2.4.1 agent on a server running Red Hat Linux
5.4. The agent is not communicating. Other agents are fine. It seems that if I
have NIC bonding set up, this issue happens. Is there any known issue with
ossec if there is NIC bonding set up?
2014/04/09 16:23:28 ossec-agentd: INFO: