Still nothing. https://0bin.net/paste/7rMT6xDrnBLdjAZd#HIJmfdpKt4bnGmgsV30SdbywkXSi0-pnzZ7UXZBDffw
суббота, 27 мая 2017 г., 22:38:13 UTC+5 пользователь dan (ddpbsd) написал: > > On Sat, May 27, 2017 at 5:39 PM, Руслан Аминджанов > <thetec...@gmail.com <javascript:>> wrote: > > Fully reinstalled system and got a new problem: still agents not > connecting > > but now event if I send messages to ossec-remoted via netcat there is no > > entities in log. Checked via netstat and ossec-remoted is listening. > > > > Turn on debug mode on the manager (`/var/ossec/bin/ossec-control > enable debug`), restart OSSEC (`/var/ossec/bin/ossec-control > restart`), and try again. > > > понедельник, 17 апреля 2017 г., 18:01:44 UTC+5:45 пользователь Руслан > > Аминджанов написал: > >> > >> I am reinstalling system right now but it looks like this was the > issue. > >> Thank you very much! > >> > >> понедельник, 17 апреля 2017 г., 7:01:29 UTC+5:45 пользователь Victor > >> Fernandez написал: > >>> > >>> Hi, > >>> > >>> have you more than one network interface on your manager? I see your > >>> tcpdump log a bit unusual: > >>> > >>> 00:58:11.619862 IP 10.2.2.3.43453 > 10.2.2.12.fujitsu-dtcns: UDP, > length > >>> 73 > >>> 00:58:11.620415 IP 10.2.2.13.fujitsu-dtcns > 10.2.2.3.43453: UDP, > length > >>> 73 > >>> > >>> > >>> It seems that the manager is responding (probably an ACK message) but > it > >>> is doing it from a different IP (10.2.2.13 instead of 10.2.2.12). > >>> > >>> Do you see any error at /var/ossec/log/ossec.log at the agent? > >>> > >>> Best regards. > >>> > >>> On Sat, Apr 15, 2017 at 11:59 PM, Kat <uncom...@gmail.com> wrote: > >>>> > >>>> It really sounds like you are missing a step -- perhaps post the > steps > >>>> you do for the install, adding an agent etc, showing the commands and > >>>> results. We need something more to help you. > >>>> > >>>> Kat > >>>> > >>>> > >>>> On Thursday, April 13, 2017 at 5:24:32 PM UTC-5, Руслан Аминджанов > >>>> wrote: > >>>>> > >>>>> Hello! > >>>>> I installed OSSEC server and client on 2 hosts whoever agent showed > as > >>>>> "Never connected". There is no firewall between these hosts and if I > use > >>>>> netcat to connect to server It log shows that message is not > properly > >>>>> formated. > >>>>> Output of tcpdump: > >>>>> > >>>>> 00:58:11.619862 IP 10.2.2.3.43453 > 10.2.2.12.fujitsu-dtcns: UDP, > >>>>> length 73 > >>>>> > >>>>> 00:58:11.620415 IP 10.2.2.13.fujitsu-dtcns > 10.2.2.3.43453: UDP, > >>>>> length 73 > >>>>> > >>>>> 00:58:15.620201 IP 10.2.2.3.43453 > 10.2.2.12.fujitsu-dtcns: UDP, > >>>>> length 73 > >>>>> > >>>>> 00:58:15.620618 IP 10.2.2.13.fujitsu-dtcns > 10.2.2.3.43453: UDP, > >>>>> length 73 > >>>>> > >>>>> 00:58:20.620619 IP 10.2.2.3.43453 > 10.2.2.12.fujitsu-dtcns: UDP, > >>>>> length 73 > >>>>> > >>>>> 00:58:20.621167 IP 10.2.2.13.fujitsu-dtcns > 10.2.2.3.43453: UDP, > >>>>> length 73 > >>>>> > >>>>> 00:58:26.621162 IP 10.2.2.3.43453 > 10.2.2.12.fujitsu-dtcns: UDP, > >>>>> length 73 > >>>>> > >>>>> 00:58:26.621703 IP 10.2.2.13.fujitsu-dtcns > 10.2.2.3.43453: UDP, > >>>>> length 73 > >>>> > >>>> -- > >>>> > >>>> --- > >>>> You received this message because you are subscribed to the Google > >>>> Groups "ossec-list" group. > >>>> To unsubscribe from this group and stop receiving emails from it, > send > >>>> an email to ossec-list+...@googlegroups.com. > >>>> For more options, visit https://groups.google.com/d/optout. > >>> > >>> > >>> > >>> > >>> -- > >>> Victor M. Fernandez-Castro > >>> IT Security Engineer > >>> Wazuh Inc. > > > > -- > > > > --- > > You received this message because you are subscribed to the Google > Groups > > "ossec-list" group. > > To unsubscribe from this group and stop receiving emails from it, send > an > > email to ossec-list+...@googlegroups.com <javascript:>. > > For more options, visit https://groups.google.com/d/optout. > -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
