What operating system did you install OSSEC Hybrid mode on?
On Wednesday, December 5, 2012 2:27:08 AM UTC-8, peng lin wrote: > > 1 can't restart windows agent in server > > AR should be enabled on all agents for the remote restart feature to work > > what is AR ? Is that a file in /var/ossec/etc/shard/ar ? how it use to > do. and how to enabled. I not notes it in windows,but can resolve this > problom. > > > > 2 About hybrid mode . > > Today i install the hybrid mode again and again. i am sure both my > configure and key are correct .AND key is right .but in hybrid mode ,i use > netstat -antlu ,i can't find 1514 port is open. but in server it opened > .So i guess have something wrong to cause hybrid server can't open 1514 so > the agent can't connect hybrid server ? > > The following is my netstat -anlup > > server(works good) > > Proto Recv-Q Send-Q Local Address Foreign > Address State PID/Program name > udp 0 0 192.168.122.1:53 > 0.0.0.0:* 2869/dnsmasq > udp 0 0 0.0.0.0:67 > 0.0.0.0:* 2869/dnsmasq > udp 0 0 0.0.0.0:1514 > 0.0.0.0:* 21383/ossec-remoted > hybrid(not works) > > Proto Recv-Q Send-Q Local Address Foreign > Address State PID/Program name > udp 0 0 10.64.4.106:34465 10.64.4.103:1514 > ESTABLISHED 6982/ossec-agentd > > and i will give my hybrid conf . > > conf.1 is in /var/ossec/etc conf.2 in /var/ossec/ossec-agent/etc > conf.3 is agent's > > my degsin network is server:10.64.4.103 hybrid:10.64.4.106 agent > 10.64.4.108 >
