Hi, I can see the keys in the client.keys file. Could you please let me know the steps to check the OSSEC Traffic you mentioned in your last email?
On Tuesday, 9 April 2019 17:19:35 UTC+5, dan (ddpbsd) wrote: > > On Tue, Apr 9, 2019 at 3:09 AM Abid Raza > <san...@primaticsfinancial.com.pk <javascript:>> wrote: > > > > Hi, > > > > List-agents -n shows nothing. Please see the attached snapshot. > > That's strange. Verify the agents are added by checking > `/var/ossec/etc/client.keys` (don't post that, it has secrets) > Nothing related in the ossec.log that I saw, but images are much > harder to parse than text. > I don't see anything relevant in the tcpdump output. Please look for > OSSEC traffic (udp port 1514), bootp and dns isn't very helpful. > > > Yes, I added agent in the OSSEC Server, Copy the key from OSSEC server > and paste it on the OSSEC Agent which is my Active Directory Windows > Server. > > Attached is the screen shot of the osseclog file. Please review it. > > Attached is the snapshot of TCP Dump. Please review it. > > > > Please let me know if there is any additional information is required. > > > > Thanks > > > > > > On Monday, 8 April 2019 23:00:17 UTC+5, dan (ddpbsd) wrote: > >> > >> On Mon, Apr 8, 2019 at 10:13 AM Abid Raza > >> <san...@primaticsfinancial.com.pk> wrote: > >> > > >> > Team, > >> > > >> > I have recently installed an standalone OSSEC 3.2 Server and added my > Active Directory servers as agents. I have also installed OSSEC AGent v3.2 > or my Domain Controllers and started the agent service. > >> > > >> > I don't see any logs in the archive.log or ossec.log file. > Furthermore, When I run the command /var/ossec/bin/list_agents -c, it shows > me "Not agents are available" > >> > > >> > >> Does `/var/ossec/bin/list_agents -n` show you anything? > >> Did you add the agents to the OSSEC server, export the keys, and > >> import the keys on the agents? > >> Is there anything related in the ossec.log of either the agents or the > server? > >> Using tcpdump on the OSSEC server, make sure packets from the agents > >> are making it to the server. Make sure the server is responding to > >> those agents. > >> > >> > Could you please help me if I am missing any configuration as I am > new in the OSSEC. > >> > > >> > Thanks > >> > Abid > >> > > >> > -- > >> > > >> > --- > >> > You received this message because you are subscribed to the Google > Groups "ossec-list" group. > >> > To unsubscribe from this group and stop receiving emails from it, > send an email to ossec...@googlegroups.com. > >> > For more options, visit https://groups.google.com/d/optout. > > > > -- > > > > --- > > You received this message because you are subscribed to the Google > Groups "ossec-list" group. > > To unsubscribe from this group and stop receiving emails from it, send > an email to ossec...@googlegroups.com <javascript:>. > > For more options, visit https://groups.google.com/d/optout. > -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
