Your server doesn't seem to be running. Can you run # ps ax | grep ossec on your server?
Philippe Bechamp wrote:
> Anyone have a few minutes? I tried here and the IRC channel and no one
> responds L.. I would much appreciate the help. Philippe.
>
> ------------------------------------------------------------------------
>
> *From:* Philippe Bechamp
> *Sent:* Monday, January 28, 2008 2:47 PM
> *To:* '[email protected]'
> *Subject:* Help with logging from win client to server please.
>
> Can I kindly request help in troubleshooting an issue I am having with a
> win client connecting to a server.
>
> My win client is configured as such:
>
> <client>
>   <!-- IP address of the Ossec HIDS server. -->
>   <server-ip>10.17.X.X</server-ip>
> </client>
>
> My server is as such:
>
> <remote>
>   <connection>secure</connection>
>   <port>1514</port>
>   <allowed-ips>10.16.X.X</allowed-ips>
>   <local-ip>10.17.X.X</local-ip>
> </remote>
>
> Everything seems like it’s running fine. I have a test trigger in
> performance monitor to generate a log entry every few seconds for testing.
>
> If I start tethereal on the server I get:
>
> [EMAIL PROTECTED] myname]# /usr/sbin/tethereal -f src host 10.16.X.X or dst host 10.16.X.X
> Capturing on eth0
>   0.000000 10.16.X.X -> 10.17.X.X UDP Source port: 1634 Destination port: 1514
>   0.001290 10.17.X.X -> 10.16.X.X ICMP Destination unreachable (Port unreachable)
>
> 104.001045 10.16.X.X -> 10.17.X.X UDP Source port: 1634 Destination port: 1514
> 104.001082 10.17.X.X -> 10.16.X.X ICMP Destination unreachable (Port unreachable)
>
> And if I check if there’s anything running on 1514 I get:
>
> [EMAIL PROTECTED] myname]# netstat -l -p | grep 1514
> [EMAIL PROTECTED] myname]#
>
> Any ideas what I should check ?
>
> Thanks !
>
> Philippe.
>
> --
> Philippe Béchamp
> Senior Security Analyst
> Openwave Systems
> +1-819-334-3434 (@bell.ca for sms)
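The capture in the quoted message shows each agent datagram to UDP 1514 answered by an ICMP port unreachable from the server, which means nothing is bound to that port. As an added example (not part of the original thread), the sketch below scans a capture in that summary format and counts such rejected datagrams per agent, server and port; the function name, the one-second pairing window and the sample addresses are assumptions made for illustration.

```python
import re

# Constructed sample in the tethereal summary format shown in the thread;
# the addresses are placeholders, not the poster's hosts.
SAMPLE = """\
  0.000000 10.16.0.5 -> 10.17.0.9 UDP Source port: 1634 Destination port: 1514
  0.001290 10.17.0.9 -> 10.16.0.5 ICMP Destination unreachable (Port unreachable)
104.001045 10.16.0.5 -> 10.17.0.9 UDP Source port: 1634 Destination port: 1514
104.001082 10.17.0.9 -> 10.16.0.5 ICMP Destination unreachable (Port unreachable)
200.000000 10.16.0.7 -> 10.17.0.9 UDP Source port: 1700 Destination port: 514
"""

LINE = re.compile(
    r"^\s*(?P<ts>\d+\.\d+)\s+(?P<src>\S+)\s+->\s+(?P<dst>\S+)"
    r"\s+(?P<proto>\S+)\s+(?P<info>.*)$")
DPORT = re.compile(r"Destination port:\s*(\d+)")

def rejected_datagrams(capture, window=1.0):
    """Return sorted (agent, server, port, count) tuples for UDP datagrams
    that the destination answered with ICMP port unreachable. The summary
    line does not carry the rejected port, so the ICMP reply is paired with
    the last UDP datagram in the opposite direction within `window` seconds."""
    pending = {}  # (src, dst) -> (timestamp, destination port)
    counts = {}
    for raw in capture.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # banner lines such as "Capturing on eth0"
        ts, src, dst = float(m["ts"]), m["src"], m["dst"]
        if m["proto"] == "UDP":
            port = DPORT.search(m["info"])
            if port:
                pending[(src, dst)] = (ts, int(port.group(1)))
        elif m["proto"] == "ICMP" and "Port unreachable" in m["info"]:
            hit = pending.pop((dst, src), None)  # reply travels dst -> src
            if hit and ts - hit[0] <= window:
                key = (dst, src, hit[1])
                counts[key] = counts.get(key, 0) + 1
    return sorted((a, s, p, n) for (a, s, p), n in counts.items())

if __name__ == "__main__":
    for agent, server, port, n in rejected_datagrams(SAMPLE):
        print(f"{server} rejected {n} datagram(s) from {agent} to UDP {port}")
```

A non-empty result for port 1514 points at the server side (no listener bound) rather than at the agent configuration or a filtering device in between.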
