1 can't restart windows agent in server
AR should be enabled on all agents for the remote restart feature to work what is AR ? Is that a file in /var/ossec/etc/shard/ar ? how it use to do. and how to enabled. I not notes it in windows,but can resolve this problom. 2 About hybrid mode . Today i install the hybrid mode again and again. i am sure both my configure and key are correct .AND key is right .but in hybrid mode ,i use netstat -antlu ,i can't find 1514 port is open. but in server it opened .So i guess have something wrong to cause hybrid server can't open 1514 so the agent can't connect hybrid server ? The following is my netstat -anlup server(works good) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name udp 0 0 192.168.122.1:53 0.0.0.0:* 2869/dnsmasq udp 0 0 0.0.0.0:67 0.0.0.0:* 2869/dnsmasq udp 0 0 0.0.0.0:1514 0.0.0.0:* 21383/ossec-remoted hybrid(not works) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name udp 0 0 10.64.4.106:34465 10.64.4.103:1514 ESTABLISHED 6982/ossec-agentd and i will give my hybrid conf . conf.1 is in /var/ossec/etc conf.2 in /var/ossec/ossec-agent/etc conf.3 is agent's my degsin network is server:10.64.4.103 hybrid:10.64.4.106 agent 10.64.4.108
ossec.conf.rar
Description: application/rar
