Here is a summary:
I have a Windows 7 system with VM player, a Linux OSSEC server VM, a Windows OSSEC Client. My goal ultimately is to monitor a log file and send alerts when certain text shows up. When I add this to the ossec.config file, it never shows up in the ossec.log like the other files do - but I am wondering if I am having another problem altogether here.

It looks like it connects... it will connect to any agent I set up in manage agents on the OSSEC server, referencing it in the dialogue box. (xxxServer is the agent setup on the

    2012/09/01 10:31:03 ossec-agent: INFO: No previous counter available for 'xxxServer'.
    2012/09/01 10:31:03 ossec-agent: INFO: Assigning counter for agent xxxServer: '0:0'.
    2012/09/01 10:31:03 ossec-agent: INFO: Assigning sender counter: 0:604
    2012/09/01 10:31:03 ossec-agent: INFO: Trying to connect to server (192.168.41.130:1514).
    2012/09/01 10:31:03 ossec-agent: INFO: Using IPv4 for: 192.168.41.130 .

Then, later on in the log...

    2012/09/01 10:31:27 c Tried: '192.168.41.130'.
    2012/09/01 10:31:29 ossec-agent: INFO: Trying to connect to server (192.168.41.130:1514).
    2012/09/01 10:31:29 ossec-agent: INFO: Using IPv4 for: 192.168.41.130 .
    2012/09/01 10:31:50 ossec-agent(4101): WARN: Waiting for server reply (not started). Tried: '192.168.41.130'.

And it will keep re-trying. The IP here is the one returned by ifconfig on the Linux VM. I can ping it successfully from the Windows VM. I CANNOT ping the IP on the OSSEC Client system from the Linux VM, but I can ping the Default Gateway. I am set to NAT on the VM NICs.

>>>IPCONFIG ON THE OSSEC CLIENT

    Ethernet adapter Local Area Connection:
       Connection-specific DNS Suffix . : xxx.com
       IPv4 Address. . . . . . . . . . . : 192.168.41.129
       Subnet Mask . . . . . . . . . . . : 255.255.255.0
       Default Gateway . . . . . . . . . : 192.168.41.2

    Tunnel adapter isatap.electridion.com:
       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix . : xxx.com

    Tunnel adapter Local Area Connection* 9:
       Connection-specific DNS Suffix . :
       IPv6 Address. . . . . . . . . . . : 2001:0:9d38:953c:1c6a:20e4:3f57:d67e
       Link-local IPv6 Address . . . . . : fe80::1c6a:20e4:3f57:d67e%12
       Default Gateway . . . . . . . . . : ::

>>>>IPCONFIG ON HOST SYSTEM:

    Ethernet adapter Local Area Connection:
       Connection-specific DNS Suffix . : xxx.com
       IPv4 Address. . . . . . . . . . . : 192.168.41.129
       Subnet Mask . . . . . . . . . . . : 255.255.255.0
       Default Gateway . . . . . . . . . : 192.168.41.2

    Tunnel adapter isatap.electridion.com:
       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix . : xxx.com

    Tunnel adapter Local Area Connection* 9:
       Connection-specific DNS Suffix . :
       IPv6 Address. . . . . . . . . . . : 2001:0:9d38:953c:1c6a:20e4:3f57:d67e
       Link-local IPv6 Address . . . . . : fe80::1c6a:20e4:3f57:d67e%12
       Default Gateway . . . . . . . . . : ::
