For the archives/documentation, how did you fix it?
On Sun, Nov 20, 2011 at 1:53 PM, Joe Arimboor <[email protected]> wrote: > i figured out .. its working fine .. thanks > > > On Fri, Nov 18, 2011 at 12:24 AM, dan (ddp) <[email protected]> wrote: >> >> On Sun, Nov 13, 2011 at 9:11 AM, Joe <[email protected]> wrote: >> > Hi , I am getting the following err msg when an agent try to connect >> > to Server (no Firewall in between) >> > >> >> Are you sure the packets are getting to the manager? >> Does the manager respond? >> Does the manager log anything useful? >> Is this agent using a unique key? >> >> > ========== >> > summary logs >> > --------------------- >> > >> > 2011/11/13 18:05:03 ossec-agent: INFO: Started (pid: 2800). >> > >> > 2011/11/13 18:05:13 ossec-agent: WARN: Process locked. Waiting for >> > permission... >> > >> > 2011/11/13 18:05:24 ossec-agent(4101): WARN: Waiting for server reply >> > (not started). Tried: '10.10.134.241'. >> > >> > 2011/11/13 18:05:26 ossec-agent: INFO: Trying to connect to server >> > (10.10.134.241:1514). >> > >> > 2011/11/13 18:05:26 ossec-agent: INFO: Using IPv4 for: 10.10.134.241 . >> > >> > 2011/11/13 18:05:47 ossec-agent(4101): WARN: Waiting for server reply >> > (not started). Tried: '10.10.134.241'. >> > >> > 2011/11/13 18:06:07 ossec-agent: INFO: Trying to connect to server >> > (10.10.134.241:1514). >> > >> > 2011/11/13 18:06:07 ossec-agent: INFO: Using IPv4 for: 10.10.134.241 . >> > >> > 2011/11/13 18:06:28 ossec-agent(4101): WARN: Waiting for server reply >> > (not started). Tried: '10.10.134.241'. >> > >> > 2011/11/13 18:07:06 ossec-agent: INFO: Trying to connect to server >> > (10.10.134.241:1514). >> > >> > 2011/11/13 18:07:06 ossec-agent: INFO: Using IPv4 for: 10.10.134.241 . >> > >> > 2011/11/13 18:07:27 ossec-agent(4101): WARN: Waiting for server reply >> > (not started). Tried: '10.10.134.241'. >> > >> > 2011/11/13 18:08:23 ossec-agent: INFO: Trying to connect to server >> > (10.10.134.241:1514). >> > >> > 2011/11/13 18:08:23 ossec-agent: INFO: Using IPv4 for: 10.10.134.241 . >> > >> > 2011/11/13 18:08:44 ossec-agent(4101): WARN: Waiting for server reply >> > (not started). Tried: '10.10.134.241'. >> > >> > ========================= >> > >> > complete logs >> > ----------------------- >> > >> > 2011/11/13 18:05:03 ossec-execd(1350): INFO: Active response disabled. >> > Exiting. >> > >> > 2011/11/13 18:05:03 ossec-agent(1410): INFO: Reading authentication >> > keys file. >> > >> > 2011/11/13 18:05:03 ossec-agent: INFO: No previous counter available >> > for 'AV_server'. >> > >> > 2011/11/13 18:05:03 ossec-agent: INFO: Assigning counter for agent >> > AV_server: '0:0'. >> > >> > 2011/11/13 18:05:03 ossec-agent: INFO: Assigning sender counter: 0:30 >> > >> > 2011/11/13 18:05:03 ossec-agent: INFO: Trying to connect to server >> > (10.10.134.241:1514). >> > >> > 2011/11/13 18:05:03 ossec-agent: INFO: Using IPv4 for: 10.10.134.241 . >> > >> > 2011/11/13 18:05:03 ossec-agent: Starting syscheckd thread. >> > >> > 2011/11/13 18:05:03 ossec-rootcheck: INFO: Started (pid: 2800). >> > >> > 2011/11/13 18:05:03 ossec-agent: INFO: Monitoring registry entry: >> > 'HKEY_LOCAL_MACHINE\Software\Classes\batfile'. >> > >> > 2011/11/13 18:05:03 ossec-agent: INFO: Monitoring registry entry: >> > 'HKEY_LOCAL_MACHINE\Software\Classes\cmdfile'. >> > >> > 2011/11/13 18:05:03 ossec-agent: INFO: Monitoring registry entry: >> > 'HKEY_LOCAL_MACHINE\Software\Classes\comfile'. >> > >> > 2011/11/13 18:05:03 ossec-agent: INFO: Monitoring registry entry: >> > 'HKEY_LOCAL_MACHINE\Software\Classes\exefile'. >> > >> > 2011/11/13 18:05:03 ossec-agent: INFO: Monitoring registry entry: >> > 'HKEY_LOCAL_MACHINE\Software\Classes\piffile'. >> > >> > 2011/11/13 18:05:03 ossec-agent: INFO: Monitoring registry entry: >> > 'HKEY_LOCAL_MACHINE\Software\Classes\AllFilesystemObjects'. >> > >> > 2011/11/13 18:05:03 ossec-agent: INFO: Monitoring registry entry: >> > 'HKEY_LOCAL_MACHINE\Software\Classes\Directory'. >> > >> > 2011/11/13 18:05:03 ossec-agent: INFO: Monitoring registry entry: >> > 'HKEY_LOCAL_MACHINE\Software\Classes\Folder'. >> > >> > 2011/11/13 18:05:03 ossec-agent: INFO: Monitoring registry entry: >> > 'HKEY_LOCAL_MACHINE\Software\Classes\Protocols'. >> > >> > 2011/11/13 18:05:03 ossec-agent: INFO: Monitoring registry entry: >> > 'HKEY_LOCAL_MACHINE\Software\Policies'. >> > >> > 2011/11/13 18:05:03 ossec-agent: INFO: Monitoring registry entry: >> > 'HKEY_LOCAL_MACHINE\Security'. >> > >> > 2011/11/13 18:05:03 ossec-agent: INFO: Monitoring registry entry: >> > 'HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer'. >> > >> > 2011/11/13 18:05:03 ossec-agent: INFO: Monitoring registry entry: >> > 'HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services'. >> > >> > 2011/11/13 18:05:03 ossec-agent: INFO: Monitoring registry entry: >> > 'HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager >> > \KnownDLLs'. >> > >> > 2011/11/13 18:05:03 ossec-agent: INFO: Monitoring registry entry: >> > 'HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SecurePipeServers >> > \winreg'. >> > >> > 2011/11/13 18:05:03 ossec-agent: INFO: Monitoring registry entry: >> > 'HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run'. >> > >> > 2011/11/13 18:05:03 ossec-agent: INFO: Monitoring registry entry: >> > 'HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion >> > \RunOnce'. >> > >> > 2011/11/13 18:05:03 ossec-agent: INFO: Monitoring registry entry: >> > 'HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion >> > \RunOnceEx'. >> > >> > 2011/11/13 18:05:03 ossec-agent: INFO: Monitoring registry entry: >> > 'HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\URL'. >> > >> > 2011/11/13 18:05:03 ossec-agent: INFO: Monitoring registry entry: >> > 'HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion >> > \Policies'. >> > >> > 2011/11/13 18:05:03 ossec-agent: INFO: Monitoring registry entry: >> > 'HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion >> > \Windows'. >> > >> > 2011/11/13 18:05:03 ossec-agent: INFO: Monitoring registry entry: >> > 'HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion >> > \Winlogon'. >> > >> > 2011/11/13 18:05:03 ossec-agent: INFO: Monitoring registry entry: >> > 'HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed >> > Components'. >> > >> > 2011/11/13 18:05:03 ossec-agent: INFO: Monitoring directory: 'C: >> > \WINDOWS/win.ini'. >> > >> > 2011/11/13 18:05:03 ossec-agent: INFO: Monitoring directory: 'C: >> > \WINDOWS/system.ini'. >> > >> > 2011/11/13 18:05:03 ossec-agent: INFO: Monitoring directory: 'C: >> > \autoexec.bat'. >> > >> > 2011/11/13 18:05:03 ossec-agent: INFO: Monitoring directory: 'C: >> > \config.sys'. >> > >> > 2011/11/13 18:05:03 ossec-agent: INFO: Monitoring directory: 'C: >> > \boot.ini'. >> > >> > 2011/11/13 18:05:03 ossec-agent: INFO: Monitoring directory: 'C: >> > \WINDOWS/System32/CONFIG.NT'. >> > >> > 2011/11/13 18:05:03 ossec-agent: INFO: Monitoring directory: 'C: >> > \WINDOWS/System32/AUTOEXEC.NT'. >> > >> > 2011/11/13 18:05:03 ossec-agent: INFO: Monitoring directory: 'C: >> > \WINDOWS/System32/at.exe'. >> > >> > 2011/11/13 18:05:03 ossec-agent: INFO: Monitoring directory: 'C: >> > \WINDOWS/System32/attrib.exe'. >> > >> > 2011/11/13 18:05:03 ossec-agent: INFO: Monitoring directory: 'C: >> > \WINDOWS/System32/cacls.exe'. >> > >> > 2011/11/13 18:05:03 ossec-agent: INFO: Monitoring directory: 'C: >> > \WINDOWS/System32/debug.exe'. >> > >> > 2011/11/13 18:05:03 ossec-agent: INFO: Monitoring directory: 'C: >> > \WINDOWS/System32/drwatson.exe'. >> > >> > 2011/11/13 18:05:03 ossec-agent: INFO: Monitoring directory: 'C: >> > \WINDOWS/System32/drwtsn32.exe'. >> > >> > 2011/11/13 18:05:03 ossec-agent: INFO: Monitoring directory: 'C: >> > \WINDOWS/System32/edlin.exe'. >> > >> > 2011/11/13 18:05:03 ossec-agent: INFO: Monitoring directory: 'C: >> > \WINDOWS/System32/eventcreate.exe'. >> > >> > 2011/11/13 18:05:03 ossec-agent: INFO: Monitoring directory: 'C: >> > \WINDOWS/System32/eventtriggers.exe'. >> > >> > 2011/11/13 18:05:03 ossec-agent: INFO: Monitoring directory: 'C: >> > \WINDOWS/System32/ftp.exe'. >> > >> > 2011/11/13 18:05:03 ossec-agent: INFO: Monitoring directory: 'C: >> > \WINDOWS/System32/net.exe'. >> > >> > 2011/11/13 18:05:03 ossec-agent: INFO: Monitoring directory: 'C: >> > \WINDOWS/System32/net1.exe'. >> > >> > 2011/11/13 18:05:03 ossec-agent: INFO: Monitoring directory: 'C: >> > \WINDOWS/System32/netsh.exe'. >> > >> > 2011/11/13 18:05:03 ossec-agent: INFO: Monitoring directory: 'C: >> > \WINDOWS/System32/rcp.exe'. >> > >> > 2011/11/13 18:05:03 ossec-agent: INFO: Monitoring directory: 'C: >> > \WINDOWS/System32/reg.exe'. >> > >> > 2011/11/13 18:05:03 ossec-agent: INFO: Monitoring directory: 'C: >> > \WINDOWS/regedit.exe'. >> > >> > 2011/11/13 18:05:03 ossec-agent: INFO: Monitoring directory: 'C: >> > \WINDOWS/System32/regedt32.exe'. >> > >> > 2011/11/13 18:05:03 ossec-agent: INFO: Monitoring directory: 'C: >> > \WINDOWS/System32/regsvr32.exe'. >> > >> > 2011/11/13 18:05:03 ossec-agent: INFO: Monitoring directory: 'C: >> > \WINDOWS/System32/rexec.exe'. >> > >> > 2011/11/13 18:05:03 ossec-agent: INFO: Monitoring directory: 'C: >> > \WINDOWS/System32/rsh.exe'. >> > >> > 2011/11/13 18:05:03 ossec-agent: INFO: Monitoring directory: 'C: >> > \WINDOWS/System32/runas.exe'. >> > >> > 2011/11/13 18:05:03 ossec-agent: INFO: Monitoring directory: 'C: >> > \WINDOWS/System32/sc.exe'. >> > >> > 2011/11/13 18:05:03 ossec-agent: INFO: Monitoring directory: 'C: >> > \WINDOWS/System32/subst.exe'. >> > >> > 2011/11/13 18:05:03 ossec-agent: INFO: Monitoring directory: 'C: >> > \WINDOWS/System32/telnet.exe'. >> > >> > 2011/11/13 18:05:03 ossec-agent: INFO: Monitoring directory: 'C: >> > \WINDOWS/System32/tftp.exe'. >> > >> > 2011/11/13 18:05:03 ossec-agent: INFO: Monitoring directory: 'C: >> > \WINDOWS/System32/tlntsvr.exe'. >> > >> > 2011/11/13 18:05:03 ossec-agent: INFO: Monitoring directory: 'C: >> > \WINDOWS/System32/drivers/etc'. >> > >> > 2011/11/13 18:05:03 ossec-agent: INFO: Monitoring directory: 'C: >> > \Documents and Settings/All Users/Start Menu/Programs/Startup'. >> > >> > 2011/11/13 18:05:03 ossec-agent: INFO: Started (pid: 2800). >> > >> > 2011/11/13 18:05:13 ossec-agent: WARN: Process locked. Waiting for >> > permission... >> > >> > 2011/11/13 18:05:24 ossec-agent(4101): WARN: Waiting for server reply >> > (not started). Tried: '10.10.134.241'. >> > >> > 2011/11/13 18:05:26 ossec-agent: INFO: Trying to connect to server >> > (10.10.134.241:1514). >> > >> > 2011/11/13 18:05:26 ossec-agent: INFO: Using IPv4 for: 10.10.134.241 . >> > >> > 2011/11/13 18:05:47 ossec-agent(4101): WARN: Waiting for server reply >> > (not started). Tried: '10.10.134.241'. >> > >> > 2011/11/13 18:06:07 ossec-agent: INFO: Trying to connect to server >> > (10.10.134.241:1514). >> > >> > 2011/11/13 18:06:07 ossec-agent: INFO: Using IPv4 for: 10.10.134.241 . >> > >> > 2011/11/13 18:06:28 ossec-agent(4101): WARN: Waiting for server reply >> > (not started). Tried: '10.10.134.241'. >> > >> > 2011/11/13 18:07:06 ossec-agent: INFO: Trying to connect to server >> > (10.10.134.241:1514). >> > >> > 2011/11/13 18:07:06 ossec-agent: INFO: Using IPv4 for: 10.10.134.241 . >> > >> > 2011/11/13 18:07:27 ossec-agent(4101): WARN: Waiting for server reply >> > (not started). Tried: '10.10.134.241'. >> > >> > 2011/11/13 18:08:23 ossec-agent: INFO: Trying to connect to server >> > (10.10.134.241:1514). >> > >> > 2011/11/13 18:08:23 ossec-agent: INFO: Using IPv4 for: 10.10.134.241 . >> > >> > 2011/11/13 18:08:44 ossec-agent(4101): WARN: Waiting for server reply >> > (not started). Tried: '10.10.134.241'. >> > >> > > >
