Oh, ok. I don't use the WUI. What about the important part of my response?
On Thu, Jul 26, 2012 at 2:12 PM, William Lindfors <[email protected]> wrote:
> Here is a screen capture of what I'm talking about. Thx.
>
> -----Original Message-----
> From: [email protected] [mailto:[email protected]] On Behalf Of dan (ddp)
> Sent: Thursday, July 26, 2012 1:08 PM
> To: [email protected]
> Subject: Re: [ossec-list] Rule ID 5701? Possible attack on the SSH server? All agents inactive, what gives?
>
> On Thu, Jul 26, 2012 at 12:56 PM, William Lindfors <[email protected]> wrote:
> > How do I get all the agents back online? I stopped and started the
> > service, but they all remain red and I am getting the following message:
>
> Red? What are you seeing red in?
>
> > 2012 Jul 26 12:42:25 Rule Id: 5701 level: 8
> > Location: profim01->/var/log/secure
> > Src IP: UNKNOWN
> > Possible attack on the ssh server (or version gathering).
>
> This looks unrelated. There should be a log message that goes with that.
>
> Check the ossec.log on the manager and the agents to see if there are any
> log messages about why they are disconnected. Double check with
> `/var/ossec/bin/list_agents -c` that they are disconnected. Have all of your
> agents been connected at some point?
>
> > -----Original Message-----
> > From: [email protected] [mailto:[email protected]] On Behalf Of dan (ddp)
> > Sent: Thursday, July 26, 2012 9:02 AM
> > To: [email protected]
> > Subject: Re: [ossec-list] Rule ID 5701? Possible attack on the SSH server? All agents inactive, what gives?
> >
> > On Thu, Jul 26, 2012 at 12:55 AM, William Lindfors <[email protected]> wrote:
> > > Latest events
> > >
> > > 2012 Jul 26 00:47:01 Rule Id: 5701 level: 8
> > > Location: profim01->/var/log/secure
> > > Src IP: UNKNOWN
> > > Possible attack on the ssh server (or version gathering).
> >
> > What's the question exactly?
