Hi, I've seen alerts triggered by logs from the agent (e.g. ossec.conf modified).

I've added/removed the agent with manage_agents many times and restarted the ossec service with the ossec_control restart command. Netstat shows the connection of server and agent has been established. All the daemons are running well. What can I do next?

Regards,
Ivan Kuo

dan (ddp) <[email protected]> wrote on 2014/2/25 at 9:14 PM:

> On Tue, Feb 25, 2014 at 7:00 AM, Kuo Ivan <[email protected]> wrote:
>> Dear
>>
>> I have an ossec agent installed on redhat Linux and the key import succeeded.
>>
>> On the agent, no error is shown in /var/ossec/logs/ossec.log, nor on the
>> ossec server.
>>
>> Here is the problem: I can't see the agent as active, but as "never connected", on
>> the server. And there are alerts sent from the agent like "agent started".
>>
>> What has happened?
>>
>
> You are, or are not seeing alerts triggered by logs from that agent?
> Did you restart the OSSEC processes on the server after adding the
> agent with manage_agents?
> Is there udp traffic going from the agent to the server's port 1514?
> Is there return traffic?
> Is ossec-remoted running on the server?
> Is ossec-agentd running on the agent?
>
>> Thanks
>>
>> --
>>
>> ---
>> You received this message because you are subscribed to the Google Groups
>> "ossec-list" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to [email protected].
>> For more options, visit https://groups.google.com/groups/opt_out.
