On Fri, Nov 21, 2014 at 11:11 AM, Colin Bruce <[email protected]> wrote:
> Dear Dan,
>
> Thanks for the reply. Sadly the answer to each of your questions is yes. I
> just double checked to make sure.

Does the manager respond to the packets? Try turning debug on on the manager (`/var/ossec/bin/ossec-control enable debug && /var/ossec/bin/ossec-control restart`), and check the logs for more information.

> As a last attempt I am going to delete everything and start again. After
> that I think I'll give up.

Good luck

> Best wishes...
>
> Colin
>
> From: [email protected] [mailto:[email protected]] On
> Behalf Of dan (ddp)
> Sent: 21 November 2014 16:00
> To: [email protected]
> Subject: Re: [ossec-list] Cant Get it Working
>
> On Nov 21, 2014 10:46 AM, "Colin Bruce" <[email protected]> wrote:
>>
>> Hi,
>>
>> I have been trying to get this to work for a couple of months now and have
>> got absolutely nowhere. I see lots of people with questions which suggests
>> that they have it running. I just don't understand what I am doing wrong.
>>
>> I've started again, untarred the file ossec-hids-2.8.1.tar.gz, run
>> install.sh using all the defaults and when I run it I do get a notification
>> by e-mail that it has started. However, the log file includes:
>>
>> Why is the socket not available? Surely if it is required it should either
>> be in the install.sh or documented somewhere.
>>
>> I've installed two agents - one on a Windows server and one on a Linux
>> server. Neither of them connect to the ossec server. On both I get this:
>>
>> The log on the ossec server shows absolutely no attempt to connect from
>> anywhere. It just ignores everything. All the servers are on the same
>> network 192.168.30.0/24 and I've given them keys. There is no firewall of
>> any kind between the servers and all other communication works fine.
>>
>> This is an absolutely out of the box install with no configuration other
>> than what install.sh does and it doesn't work.
>>
>> Does anyone have any idea what is wrong or even where to look?
>
> Is ossec-remoted working?
> Are udp packets making it to the manager?
> Are the keys and ips for the agents unique?
> Did you restart the manager's ossec processes after adding the agents?
> Are you sure you gave each agent the correct key?
>
>> Best wishes....
>>
>> Colin
>>
>> --
>>
>> ---
>> You received this message because you are subscribed to the Google Groups
>> "ossec-list" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to [email protected].
>> For more options, visit https://groups.google.com/d/optout.
