Any update, Sir?

On Tuesday, 16 April 2019 17:50:57 UTC+5, Abid Raza wrote:
>
> PFA the result. 
>
> On Saturday, 13 April 2019 07:08:51 UTC+5, dan (ddpbsd) wrote:
>>
>> On Thu, Apr 11, 2019 at 8:17 AM Abid Raza 
>> <san...@primaticsfinancial.com.pk> wrote: 
>> > 
>> > Hi, 
>> > 
>> > I can see the keys in the client.keys file. Could you please let me
>> > know the steps to check the OSSEC Traffic you mentioned in your last email?
>> > 
>>
>> Replace INTERFACE with the name of your network interface. 
>>
>> `sudo tcpdump -nni INTERFACE udp and port 1514` 
>>
>> This causes tcpdump to not translate hostnames and port numbers, 
>> listen on INTERFACE, 
>> and only display udp traffic on port 1514. 
>>
>> > On Tuesday, 9 April 2019 17:19:35 UTC+5, dan (ddpbsd) wrote: 
>> >> 
>> >> On Tue, Apr 9, 2019 at 3:09 AM Abid Raza 
>> >> <san...@primaticsfinancial.com.pk> wrote: 
>> >> > 
>> >> > Hi, 
>> >> > 
>> >> > List-agents -n shows nothing. Please see the attached snapshot. 
>> >> 
>> >> That's strange. Verify the agents are added by checking 
>> >> `/var/ossec/etc/client.keys` (don't post that, it has secrets) 
>> >> Nothing related in the ossec.log that I saw, but images are much 
>> >> harder to parse than text. 
>> >> I don't see anything relevant in the tcpdump output. Please look for 
>> >> OSSEC traffic (udp port 1514), bootp and dns isn't very helpful. 
>> >> 
>> >> > Yes, I added the agent in the OSSEC Server, copied the key from the
>> >> > OSSEC server and pasted it on the OSSEC Agent, which is my Active
>> >> > Directory Windows Server.
>> >> > Attached is the screen shot of the osseclog file. Please review it.
>> >> > Attached is the snapshot of TCP Dump. Please review it.
>> >> >
>> >> > Please let me know if any additional information is required.
>> >> > 
>> >> > Thanks 
>> >> > 
>> >> > 
>> >> > On Monday, 8 April 2019 23:00:17 UTC+5, dan (ddpbsd) wrote: 
>> >> >> 
>> >> >> On Mon, Apr 8, 2019 at 10:13 AM Abid Raza 
>> >> >> <san...@primaticsfinancial.com.pk> wrote: 
>> >> >> > 
>> >> >> > Team, 
>> >> >> > 
>> >> >> > I have recently installed a standalone OSSEC 3.2 Server and added
>> >> >> > my Active Directory servers as agents. I have also installed OSSEC
>> >> >> > Agent v3.2 on my Domain Controllers and started the agent service.
>> >> >> >
>> >> >> > I don't see any logs in the archive.log or ossec.log file.
>> >> >> > Furthermore, when I run the command /var/ossec/bin/list_agents -c,
>> >> >> > it shows me "Not agents are available"
>> >> >> > 
>> >> >> 
>> >> >> Does `/var/ossec/bin/list_agents -n` show you anything? 
>> >> >> Did you add the agents to the OSSEC server, export the keys, and 
>> >> >> import the keys on the agents? 
>> >> >> Is there anything related in the ossec.log of either the agents or
>> >> >> the server?
>> >> >> Using tcpdump on the OSSEC server, make sure packets from the agents
>> >> >> are making it to the server. Make sure the server is responding to
>> >> >> those agents.
>> >> >> 
>> >> >> > Could you please help me if I am missing any configuration as I
>> >> >> > am new to OSSEC.
>> >> >> > 
>> >> >> > Thanks 
>> >> >> > Abid 
>> >> >> > 
>> >> >> > -- 
>> >> >> > 
>> >> >> > --- 
>> >> >> > You received this message because you are subscribed to the
>> >> >> > Google Groups "ossec-list" group.
>> >> >> > To unsubscribe from this group and stop receiving emails from it,
>> >> >> > send an email to ossec...@googlegroups.com.
>> >> >> > For more options, visit https://groups.google.com/d/optout. 
>> >> > 
>> > 
>>
>


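Added example, not part of the thread and not OSSEC code: a small Python check for the two questions asked above about the capture on udp port 1514 (do agent packets reach the server, and does the server answer them). The server address, the agent addresses and the capture lines are constructed sample values; the function names are hypothetical.

```python
import re

# tcpdump -nn prints UDP packets as:
#   <time> IP <src>.<sport> > <dst>.<dport>: UDP, length N
PACKET = re.compile(r" IP6? (\S+)\.(\d+) > (\S+)\.(\d+): UDP")

def direction_counts(lines, server_ip, port=1514):
    """Return {agent_ip: [packets_to_server, packets_from_server]}."""
    counts = {}
    for line in lines:
        m = PACKET.search(line)
        if not m:
            continue  # not a UDP packet line
        src, dst = m.group(1), m.group(3)
        sport, dport = int(m.group(2)), int(m.group(4))
        if dst == server_ip and dport == port:
            counts.setdefault(src, [0, 0])[0] += 1
        elif src == server_ip and sport == port:
            counts.setdefault(dst, [0, 0])[1] += 1
    return counts

def report(lines, server_ip, expected_agents):
    """Map each expected agent IP to a one-line finding."""
    counts = direction_counts(lines, server_ip)
    findings = {}
    for agent in expected_agents:
        to_srv, from_srv = counts.get(agent, [0, 0])
        if to_srv and from_srv:
            findings[agent] = "two-way traffic"
        elif to_srv:
            findings[agent] = "packets reach the server, no reply seen"
        elif from_srv:
            findings[agent] = "server sends, nothing seen from the agent"
        else:
            findings[agent] = "no traffic seen"
    return findings

# Constructed sample capture (documentation addresses, not from the thread).
SAMPLE = """\
12:00:01.000001 IP 192.0.2.10.51234 > 192.0.2.1.1514: UDP, length 73
12:00:01.000950 IP 192.0.2.1.1514 > 192.0.2.10.51234: UDP, length 73
12:00:02.100000 IP 192.0.2.11.49800 > 192.0.2.1.1514: UDP, length 73
12:00:12.100000 IP 192.0.2.11.49800 > 192.0.2.1.1514: UDP, length 73
12:00:31.000001 IP 192.0.2.10.51234 > 192.0.2.1.1514: UDP, length 89
""".splitlines()

if __name__ == "__main__":
    agents = ["192.0.2.10", "192.0.2.11", "192.0.2.12"]
    for agent, finding in report(SAMPLE, "192.0.2.1", agents).items():
        print(agent, "-", finding)
```

To use it on a real capture, redirect the output of the tcpdump command quoted above to a file and pass the file's lines in place of SAMPLE.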