Hi,

I started over with the ossec-hids-2.8.3-3.  I have been able to get the 
database working correctly, but I think my agents are messed up.  I ran the 
ossec batch manager to recreate the keys and I 
ran /var/ossec/bin/manage_agents -i new key on each of the servers I want 
to monitor.  I have restarted the ossec processes on both the clients and 
the ossec server but I don't seem to be getting any connections from the 
clients.  On the client side I see:

2016/12/13 14:39:29 ossec-agentd(4101): WARN: Waiting for server reply (not started). Tried: '10.xx.xx.71'.
2016/12/13 14:39:31 ossec-agentd: INFO: Trying to connect to server (10.xx.xx.71:1514).
2016/12/13 14:39:31 ossec-agentd: INFO: Using IPv4 for: 10.xx.xx.71 .

And I am not seeing any connections on the server side, but I see the port 
is open:

[root@OSSEC ossec]# netstat -an | grep 1514
udp        0      0 0.0.0.0:1514            0.0.0.0:*

I checked with our network guy to see if there is a problem there and he 
confirmed that we aren't blocking the port or anything.

Sean


On Monday, December 12, 2016 at 5:37:10 PM UTC-7, jose wrote:
>
> Hi Sean,
>
> What rpm are you using? wazuh-manager-1.1.1-3 or ossec-hids-2.8.3-3?
>
> Regards
> -----------------------
> Jose Luis Ruiz
> Wazuh Inc.
> jo...@wazuh.com
>
> On December 12, 2016 at 5:25:41 PM, Sean Roe (sea...@gmail.com) wrote:
>
> Hi all, 
>
> I have installed the ossec server using the Wazuh rpms and it is running 
> well. I have 20 servers sending data to it and they are working great.  I 
> would like to write the data out to a mysql database and was wondering what 
> the right procedure would be.  Do I uninstall the rpm first then compile 
> from source? Or is there an option to enable the database from the rpm 
> install?  The reason I would like this is to use the old web gui so I can 
> show the management types "Look we can see quickly what has changed and 
> when".  I eventually want to integrate with our splunk server but this 
> seemed like a nice way to show filesystem changes quickly.
>
> Thanks,
> Sean
> --
>
> ---
> You received this message because you are subscribed to the Google Groups 
> "ossec-list" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to ossec-list+...@googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.
>
>
