Hi All,
So I am currently still troubleshooting, but noticed that the syslog-ng
process was listening on 514 TCP, but also had an entry for 514 UDP, which
is the protocol I've set within my ossec.conf. Could this be part of the
issue? My guess is that I only want 514 udp listening.
On
OSSEC agents this morning were working without issue and then began
reporting as Disconnected. Agent logs are returning the following error:
2017/03/27 10:14:38 ossec-agent: WARN: Process locked. Waiting for
permission...
2017/03/27 10:14:49 ossec-agent(4101): WARN: Waiting for server reply
Am I able to setup the OSSEC windows agent to report to both a Wazuh and a
OSSIM server at the same time?
--
---
You received this message because you are subscribed to the Google Groups
"ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to
Hello Dan,
Thank you for your feedback. I have changed the frequency to 900
sec, and inspected the ossec.log. I noted that inside the log file none of
the agent.conf directories where present. Any theories on why the
ossec.conf syscheck content is showing up in ossec.log, and the
On Mon, Mar 27, 2017 at 12:52 PM, Joel Fries wrote:
> Am I able to setup the OSSEC windows agent to report to both a Wazuh and a
> OSSIM server at the same time?
>
There is no support in the OSSEC agent to report to 2 destinations
simultaneously. It is possible that Wazuh has
On Mon, Mar 27, 2017 at 11:25 AM, wrote:
> Hi All,
>
> So I am currently still troubleshooting, but noticed that the syslog-ng
> process was listening on 514 TCP, but also had an entry for 514 UDP, which
> is the protocol I've set within my ossec.conf. Could this be part
On Mon, Mar 27, 2017 at 10:50 AM, Marc Baker wrote:
> OSSEC agents this morning were working without issue and then began
> reporting as Disconnected. Agent logs are returning the following error:
>
> 2017/03/27 10:14:38 ossec-agent: WARN: Process locked. Waiting for
>
On Mon, Mar 27, 2017 at 4:26 AM, wrote:
> Hello Dan,
>
> Thank you for your feedback. I have changed the frequency to 900
> sec, and inspected the ossec.log. I noted that inside the log file none of
> the agent.conf directories where present. Any theories