I tried stuffs like tcpdump or nmap but seems all ok on communication.
Now i tried to add my agent to a working ossec-server and all went fine. Then i retried to add same agent to openSUSE-ossec-server, and still don't work. So i checked file ossec.log of the agent and i see just 1 difference from when it worked with first ossec-server, and when not with openSUSE-ossec-server: When it tried to connect with openSUSE-ossec-server give me a warning: "ossec-logcollector:WARN : Process Locked. Waiting for permission..." Could be usefull to detect the problem? 2014-10-24 15:35 GMT+02:00 dan (ddp) <[email protected]>: > On Fri, Oct 24, 2014 at 9:32 AM, Mario d'Aniello <[email protected]> > wrote: > > What you mean with "manager" and how can i check if manager respond? > > > > The manager is the OSSEC server. I try to say manager most of the time > because some people get confused when I say "OSSEC server," thinking I > mean the server that the agent is installed on. > > Try using tcpdump. > tcpdump port 1514 and udp > > > 2014-10-24 14:52 GMT+02:00 dan (ddp) <[email protected]>: > > > >> On Fri, Oct 24, 2014 at 8:43 AM, Mario d'Aniello <[email protected] > > > >> wrote: > >> > Yes... here's my ossec.log in attachment. > >> > > >> > >> So, no. Nothing interesting in the ossec.log. > >> Are the packets making it to the manager from the agent? > >> Is there a firewall blocking them on the manager? > >> Does the manager respond? > >> > >> > 2014-10-24 14:17 GMT+02:00 dan (ddp) <[email protected]>: > >> > > >> >> On Fri, Oct 24, 2014 at 8:16 AM, Mario d'Aniello > >> >> <[email protected]> > >> >> wrote: > >> >> > Ok i verified with a working ossec server, that list_agent wont > show > >> >> > the > >> >> > agent if hadn't a first access. > >> >> > But my problem still, an agent can't connect on a server installed > on > >> >> > openSUSE. > >> >> > There's anyone with an ossec server on openSUSE? > >> >> > > >> >> > >> >> Is there anything in the ossec.log files? > >> >> > >> >> > Il 24/ott/2014 13:37 "dan (ddp)" <[email protected]> ha scritto: > >> >> > > >> >> > On Fri, Oct 24, 2014 at 6:54 AM, Mario d'Aniello > >> >> > <[email protected]> > >> >> > wrote: > >> >> >> Hi all. > >> >> >> I recently installed Ossec-hids-2.8.1 downloaded from main site, > on > >> >> >> openSUSE > >> >> >> 13.1. > >> >> >> First i did a Server installation and seems that all gone fine. > Then > >> >> >> i > >> >> >> added > >> >> >> an agent with ./manage-agent, extracted the key and imported to an > >> >> >> agent. > >> >> >> > >> >> >> But when i try to connect the agent, the agent wont connect with > the > >> >> >> server. > >> >> >> > >> >> >> So i comeback to see what's wrong with the server and i see a > >> >> >> strange > >> >> >> thing. > >> >> >> In ./manage-agent i have the list of my agent. But if i use > >> >> >> ./list_agents > >> >> >> there's no agents in list, even with parameter -a (list all agent) > >> >> >> or > >> >> >> -n > >> >> >> (not connected). > >> >> >> > >> >> >> There's any problem\bug well know to that? > >> >> >> > >> >> >> > >> >> > > >> >> > Never heard of that issue. > >> >> > > >> >> >> > >> >> >> > >> >> >> Il giorno martedì 28 gennaio 2014 19:24:56 UTC+1, BMor ha scritto: > >> >> >>> > >> >> >>> OSSEC installs well on many Linux operating systems. Recently, I > >> >> >>> have begun using OpenSUSE (13.1 x64) and tried to use OSSEC on > that > >> >> >>> system. For some reason it creates multiple new users, none of > >> >> >>> which > >> >> >>> are able to be used, and does not start up in boot, even though > the > >> >> >>> installation confirms that the "int" file was modified to > >> >> >>> accomplish > >> >> >>> this task. I can logon to my account, but I am forced to issue > the > >> >> >>> start command every time I want to start the program. > >> >> >>> > >> >> >>> I am new to the system, and do not consider myself a > >> >> >>> programmer. > >> >> >>> I > >> >> >>> only program for scientific purposes, and do not know many of the > >> >> >>> specifics that professional programmers do. Having said this, I > >> >> >>> posted > >> >> >>> a question on the OpenSUSE forum regarding this issue, and one > >> >> >>> person > >> >> >>> seems to suggest that it is a compatibility issue with OpenSUSE, > >> >> >>> and > >> >> >>> thus the program would need modification. I wish I could tell > you > >> >> >>> what > >> >> >>> caused this issue, but I don't have that knowledge. > Nevertheless, > >> >> >>> OpenSUSE is a popular distribution and I wanted to let you know > of > >> >> >>> this > >> >> >>> issue. > >> >> >> > >> >> >> -- > >> >> >> > >> >> >> --- > >> >> >> You received this message because you are subscribed to the Google > >> >> >> Groups > >> >> >> "ossec-list" group. > >> >> >> To unsubscribe from this group and stop receiving emails from it, > >> >> >> send > >> >> >> an > >> >> >> email to [email protected]. > >> >> >> For more options, visit https://groups.google.com/d/optout. > >> >> > > >> >> > -- > >> >> > > >> >> > --- > >> >> > You received this message because you are subscribed to the Google > >> >> > Groups > >> >> > "ossec-list" group. > >> >> > To unsubscribe from this group and stop receiving emails from it, > >> >> > send > >> >> > an > >> >> > email to [email protected]. > >> >> > For more options, visit https://groups.google.com/d/optout. > >> >> > > >> >> > -- > >> >> > > >> >> > --- > >> >> > You received this message because you are subscribed to the Google > >> >> > Groups > >> >> > "ossec-list" group. > >> >> > To unsubscribe from this group and stop receiving emails from it, > >> >> > send > >> >> > an > >> >> > email to [email protected]. > >> >> > For more options, visit https://groups.google.com/d/optout. > >> >> > >> >> -- > >> >> > >> >> --- > >> >> You received this message because you are subscribed to the Google > >> >> Groups > >> >> "ossec-list" group. > >> >> To unsubscribe from this group and stop receiving emails from it, > send > >> >> an > >> >> email to [email protected]. > >> >> For more options, visit https://groups.google.com/d/optout. > >> > > >> > > >> > -- > >> > > >> > --- > >> > You received this message because you are subscribed to the Google > >> > Groups > >> > "ossec-list" group. > >> > To unsubscribe from this group and stop receiving emails from it, send > >> > an > >> > email to [email protected]. > >> > For more options, visit https://groups.google.com/d/optout. > >> > >> -- > >> > >> --- > >> You received this message because you are subscribed to the Google > Groups > >> "ossec-list" group. > >> To unsubscribe from this group and stop receiving emails from it, send > an > >> email to [email protected]. > >> For more options, visit https://groups.google.com/d/optout. > > > > > > -- > > > > --- > > You received this message because you are subscribed to the Google Groups > > "ossec-list" group. > > To unsubscribe from this group and stop receiving emails from it, send an > > email to [email protected]. > > For more options, visit https://groups.google.com/d/optout. > > -- > > --- > You received this message because you are subscribed to the Google Groups > "ossec-list" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > For more options, visit https://groups.google.com/d/optout. > -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
