Anyone have a few minutes? I tried here and the IRC channel and no one responds :-(.. I would much appreciate the help. Philippe.
________________________________ From: Philippe Bechamp Sent: Monday, January 28, 2008 2:47 PM To: '[email protected]' Subject: Help with logging from win client to server please. Can I kindly request help in troubleshooting an issue I am having with a win client connecting to a server. My win client is configured as such: <client> <!-- IP address of the Ossec HIDS server. --> <server-ip>10.17.X.X</server-ip> </client> My server is as such: <remote> <connection>secure</connection> <port>1514</port> <allowed-ips>10.16.X.X</allowed-ips> <local-ip>10.17.X.X</local-ip> </remote> Everything seems like it's running fine. I have a test trigger in performance monitor to generate a log entry every few seconds for testing. If I start tethereal on the server I get: [EMAIL PROTECTED] myname]# /usr/sbin/tethereal -f src host 10.16.X.X or dst host 10.16.X.X Capturing on eth0 0.000000 10.16.X.X -> 10.17.X.X UDP Source port: 1634 Destination port: 1514 0.001290 10.17.X.X -> 10.16.X.X ICMP Destination unreachable (Port unreachable) 104.001045 10.16.X.X -> 10.17.X.X UDP Source port: 1634 Destination port: 1514 104.001082 10.17.X.X -> 10.16.X.X ICMP Destination unreachable (Port unreachable) And if I check if there's anything running on 1514 I get: [EMAIL PROTECTED] myname]# netstat -l -p | grep 1514 [EMAIL PROTECTED] myname]# Any ideas what I should check ? Thanks ! Philippe. -- Philippe Béchamp Senior Security Analyst Openwave Systems +1-819-334-3434 (@bell.ca for sms)
