What do you mean by "the agent is disconnected in the ui"?

On Mon, Jun 6, 2016 at 6:03 PM, dan (ddp) <[email protected]> wrote:

> On Jun 6, 2016 5:55 PM, <[email protected]> wrote:
> >
> > Hi Dan,
> >
> > Yes, I checked that my webserver user (apache) is in the ossec group. Is there something else I need to check?
> >
>
> If everything else is working just fine, I'd start looking at the php to see what it reads to get the status (I guess the agent is disconnected in the ui?). Then make sure whatever file that is exists
>
> > Paolo
> >
> > On Monday, June 6, 2016 at 3:56:53 PM UTC-4, dan (ddpbsd) wrote:
> >>
> >> On Jun 6, 2016 3:26 PM, "Paolo Lim" <[email protected]> wrote:
> >> >
> >> > Hi there!
> >> >
> >> > It is my first time posting here. I am attempting to install ossec in an AWS environment with a server and agent in their own separate EC2 instances.
> >> >
> >> > My first issue is that after installing the UI, it doesn't seem to find the agent. I have verified that the agent is connected and the server manage/list_agents is able to find it:
> >> >
> >> > [root@ossec-server-1 ossec]# /var/ossec/bin/list_agents -c
> >> > agent1-10.xxx.x.xx1 is active.
> >> >
> >> > [root@ossec-server-1 ossec]# /var/ossec/bin/list_agents -a
> >> > agent1-10.xxx.x.xx1 is available.
> >> >
> >> > [root@ossec-server-1 ossec]# /var/ossec/bin/manage_agents
> >> > ****************************************
> >> > * OSSEC HIDS v2.8.3 Agent manager. *
> >> > * The following options are available: *
> >> > ****************************************
> >> > (A)dd an agent (A).
> >> > (E)xtract key for an agent (E).
> >> > (L)ist already added agents (L).
> >> > (R)emove an agent (R).
> >> > (Q)uit.
> >> > Choose your action: A,E,L,R or Q: L
> >> > Available agents:
> >> > ID: 001, Name: agent1, IP: 10.xxx.x.xx1
> >> >
> >> > On the agent side, I have verified that the agent is able to connect to the server in the logs:
> >> >
> >> > 2016/06/06 19:13:21 ossec-agentd: INFO: Server IP Address: 10.xxx.x.xx2
> >> > 2016/06/06 19:13:21 ossec-agentd: INFO: Trying to connect to server (10.xxx.x.xx3:1514).
> >> > 2016/06/06 19:13:21 ossec-agentd: INFO: Using IPv4 for: 10.xxx.x.xx3 .
> >> > 2016/06/06 19:13:22 ossec-agentd(4102): INFO: Connected to the server (10.xxx.x.xx2:1514).
> >> >
> >> > Is there something I should look for or something misconfigured? Anyone else run into this issue?
> >> >
> >>
> >> Are the other functions of the ui working? If not, check the ossec group to make sure the webserver's user is in it
> >>
> >> > Best regards,
> >> > Paolo

--
---
You received this message because you are subscribed to the Google Groups "ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [email protected].
For more options, visit https://groups.google.com/d/optout.
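
The two checks suggested in the thread (the web server user's membership of the ossec group, and the existence of whatever file the UI reads) can be tested together by walking the path with that user's uid and gids. This is an added example, not part of the thread: the script name `check.sh`, the optional STOP argument and the target path are assumptions, and it needs GNU `stat`.

```shell
#!/bin/sh
# Added example, not from the thread. Run as root so every component is visible.
# Evaluates classic mode bits only; POSIX ACLs and SELinux are not considered.

# perm_digit UID "GID LIST" PATH -> the octal permission digit that applies
perm_digit() {
    st=$(stat -L -c '%a %u %g' -- "$3") || return 2
    mode=$(printf '%04d' "${st%% *}")   # pad: "750" -> "0750", "50" -> "0050"
    rest=${st#* }; owner=${rest% *}; group=${rest#* }
    if [ "$owner" = "$1" ]; then col=2            # owner class is tested first
    else
        case " $2 " in
            *" $group "*) col=3 ;;                # member of the file's group
            *)            col=4 ;;                # everyone else
        esac
    fi
    printf '%s\n' "$mode" | cut -c "$col"
}

# walk UID "GIDS" PATH NEED STOP: check STOP..PATH top-down, print first failure
walk() {
    if [ "$3" != "$5" ] && [ "$3" != / ]; then
        walk "$1" "$2" "$(dirname -- "$3")" 1 "$5" || return 1  # dirs need x
    fi
    [ -e "$3" ] || { echo "missing: $3"; return 1; }
    digit=$(perm_digit "$1" "$2" "$3") || return 1
    [ $(( $digit & $4 )) -eq "$4" ] || { echo "blocked: $3"; return 1; }
}

# first_blocked UID "GIDS" PATH [STOP]; STOP (topmost dir checked) defaults to /
first_blocked() {
    case $3 in /*) ;; *) echo "error: PATH must be absolute"; return 2 ;; esac
    need=4                                # a file must be readable
    if [ -d "$3" ]; then need=5; fi       # a directory: list and traverse
    walk "$1" "$2" "$3" "$need" "${4:-/}" && echo "ok: $3"
}

# Usage (hypothetical): sh check.sh apache /var/ossec/<file the UI reads>
if [ $# -eq 2 ]; then
    first_blocked "$(id -u "$1")" "$(id -G "$1")" "$2"
fi
```

A `blocked:` line names the first directory or file whose mode bits stop the user, and a `missing:` line names a path that does not exist at all.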
