Fully reinstalled system and got a new problem: still agents not connecting but now event if I send messages to ossec-remoted via netcat there is no entities in log. Checked via netstat and ossec-remoted is listening.
понедельник, 17 апреля 2017 г., 18:01:44 UTC+5:45 пользователь Руслан Аминджанов написал: > > I am reinstalling system right now but it looks like this was the issue. > Thank you very much! > > понедельник, 17 апреля 2017 г., 7:01:29 UTC+5:45 пользователь Victor > Fernandez написал: >> >> Hi, >> >> have you more than one network interface on your manager? I see your >> tcpdump log a bit unusual: >> >> 00:58:11.619862 IP 10.2.2.3.43453 > *10.2.2.12*.fujitsu-dtcns: UDP, >> length 73 >> 00:58:11.620415 IP *10.2.2.13*.fujitsu-dtcns > 10.2.2.3.43453: UDP, >> length 73 >> >> >> It seems that the manager is responding (probably an ACK message) but it >> is doing it from a different IP (10.2.2.13 instead of 10.2.2.12). >> >> Do you see any error at /var/ossec/log/ossec.log at the agent? >> >> Best regards. >> >> On Sat, Apr 15, 2017 at 11:59 PM, Kat <uncom...@gmail.com> wrote: >> >>> It really sounds like you are missing a step -- perhaps post the steps >>> you do for the install, adding an agent etc, showing the commands and >>> results. We need something more to help you. >>> >>> Kat >>> >>> >>> On Thursday, April 13, 2017 at 5:24:32 PM UTC-5, Руслан Аминджанов wrote: >>>> >>>> Hello! >>>> I installed OSSEC server and client on 2 hosts whoever agent showed as >>>> "Never connected". There is no firewall between these hosts and if I use >>>> netcat to connect to server It log shows that message is not properly >>>> formated. >>>> Output of tcpdump: >>>> >>>> 00:58:11.619862 IP 10.2.2.3.43453 > 10.2.2.12.fujitsu-dtcns: UDP, >>>> length 73 >>>> >>>> 00:58:11.620415 IP 10.2.2.13.fujitsu-dtcns > 10.2.2.3.43453: UDP, >>>> length 73 >>>> >>>> 00:58:15.620201 IP 10.2.2.3.43453 > 10.2.2.12.fujitsu-dtcns: UDP, >>>> length 73 >>>> >>>> 00:58:15.620618 IP 10.2.2.13.fujitsu-dtcns > 10.2.2.3.43453: UDP, >>>> length 73 >>>> >>>> 00:58:20.620619 IP 10.2.2.3.43453 > 10.2.2.12.fujitsu-dtcns: UDP, >>>> length 73 >>>> >>>> 00:58:20.621167 IP 10.2.2.13.fujitsu-dtcns > 10.2.2.3.43453: UDP, >>>> length 73 >>>> >>>> 00:58:26.621162 IP 10.2.2.3.43453 > 10.2.2.12.fujitsu-dtcns: UDP, >>>> length 73 >>>> >>>> 00:58:26.621703 IP 10.2.2.13.fujitsu-dtcns > 10.2.2.3.43453: UDP, >>>> length 73 >>>> >>> -- >>> >>> --- >>> You received this message because you are subscribed to the Google >>> Groups "ossec-list" group. >>> To unsubscribe from this group and stop receiving emails from it, send >>> an email to ossec-list+...@googlegroups.com. >>> For more options, visit https://groups.google.com/d/optout. >>> >> >> >> >> -- >> Victor M. Fernandez-Castro >> IT Security Engineer >> Wazuh Inc. >> > -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
