I am reinstalling system right now but it looks like this was the issue. Thank you very much!
понедельник, 17 апреля 2017 г., 7:01:29 UTC+5:45 пользователь Victor Fernandez написал: > > Hi, > > have you more than one network interface on your manager? I see your > tcpdump log a bit unusual: > > 00:58:11.619862 IP 10.2.2.3.43453 > *10.2.2.12*.fujitsu-dtcns: UDP, > length 73 > 00:58:11.620415 IP *10.2.2.13*.fujitsu-dtcns > 10.2.2.3.43453: UDP, > length 73 > > > It seems that the manager is responding (probably an ACK message) but it > is doing it from a different IP (10.2.2.13 instead of 10.2.2.12). > > Do you see any error at /var/ossec/log/ossec.log at the agent? > > Best regards. > > On Sat, Apr 15, 2017 at 11:59 PM, Kat <uncom...@gmail.com <javascript:>> > wrote: > >> It really sounds like you are missing a step -- perhaps post the steps >> you do for the install, adding an agent etc, showing the commands and >> results. We need something more to help you. >> >> Kat >> >> >> On Thursday, April 13, 2017 at 5:24:32 PM UTC-5, Руслан Аминджанов wrote: >>> >>> Hello! >>> I installed OSSEC server and client on 2 hosts whoever agent showed as >>> "Never connected". There is no firewall between these hosts and if I use >>> netcat to connect to server It log shows that message is not properly >>> formated. >>> Output of tcpdump: >>> >>> 00:58:11.619862 IP 10.2.2.3.43453 > 10.2.2.12.fujitsu-dtcns: UDP, length >>> 73 >>> >>> 00:58:11.620415 IP 10.2.2.13.fujitsu-dtcns > 10.2.2.3.43453: UDP, length >>> 73 >>> >>> 00:58:15.620201 IP 10.2.2.3.43453 > 10.2.2.12.fujitsu-dtcns: UDP, length >>> 73 >>> >>> 00:58:15.620618 IP 10.2.2.13.fujitsu-dtcns > 10.2.2.3.43453: UDP, length >>> 73 >>> >>> 00:58:20.620619 IP 10.2.2.3.43453 > 10.2.2.12.fujitsu-dtcns: UDP, length >>> 73 >>> >>> 00:58:20.621167 IP 10.2.2.13.fujitsu-dtcns > 10.2.2.3.43453: UDP, length >>> 73 >>> >>> 00:58:26.621162 IP 10.2.2.3.43453 > 10.2.2.12.fujitsu-dtcns: UDP, length >>> 73 >>> >>> 00:58:26.621703 IP 10.2.2.13.fujitsu-dtcns > 10.2.2.3.43453: UDP, length >>> 73 >>> >> -- >> >> --- >> You received this message because you are subscribed to the Google Groups >> "ossec-list" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to ossec-list+...@googlegroups.com <javascript:>. >> For more options, visit https://groups.google.com/d/optout. >> > > > > -- > Victor M. Fernandez-Castro > IT Security Engineer > Wazuh Inc. > -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.