On Tue, Feb 19, 2019 at 9:08 AM Luciano Mannucci <luci...@vespaperitivo.it> wrote:
>
> On Tue, 19 Feb 2019 06:54:25 -0500
> "dan (ddp)" <ddp...@gmail.com> wrote:
>
> > You can try running ossec-remoted in debug mode to see if it offers
> > any more logs. (`pkill ossec-remoted && /var/ossec/bin/ossec-remoted
> > -d`)
> >
>
> root@damocle:~ # pkill ossec-remoted && /var/ossec/bin/ossec-remoted -d
> 2019/02/19 13:16:50 ossec-remoted: DEBUG: Starting ...
>
> I see packets coming via tcpdump and nothing in the logs. Does remoted
> log to stderr?
>

It can with the '-f' flag.

> I'm still getting those packets (see below) and see nothing in the logs.
>
> 192.168.134.18.36616 > 192.168.134.5.fujitsu-dtcns: UDP, length 73
> 0x0000: 4500 0065 dcdd 0000 3f11 1142 c0a8 8612 E..e....?..B....
> 0x0010: c0a8 8605 8f08 05ea 0051 8e8f 3a98 5bc9 .........Q..:.[.
> 0x0020: bea2 a7d6 f1c2 b86a b27f adb2 6316 ca4b .......j....c..K
> 0x0030: cb0b 5c65 7cf2 fea6 27c0 6fa4 5e5d 52ff ..\e|...'.o.^]R.
> 0x0040: ee67 29fb 6158 d480 e928 38f0 fcf5 2740 .g).aX...(8...'@
> 0x0050: d03a 6acf 3c88 dc39 d330 4815 a4d9 dc62 .:j.<..9.0H....b
> 0x0060: abe0 493c b4 ..I<.
>
>
> Thanks again for any clue,
>

Sorry, fresh out. Delete the agent and re-add it? Redeploy the key? Make sure the OSSEC server's firewall isn't blocking the traffic?

> Luciano.
> --
> /"\ /Via A. Salaino, 7 - 20144 Milano (Italy)
> \ / ASCII RIBBON CAMPAIGN / PHONE : +39 2 485781 FAX: +39 2 48578250
> X AGAINST HTML MAIL / E-MAIL: posthams...@sublink.sublink.org
> / \ AND POSTINGS / WWW: http://www.lesassaie.IT/
>
> --
>
> ---
> You received this message because you are subscribed to the Google Groups
> "ossec-list" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ossec-list+unsubscr...@googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.