On Tue, 19 Feb 2019 06:54:25 -0500
"dan (ddp)" <[email protected]> wrote:
> You can try running ossec-remoted in debug mode to see if it offers
> any more logs. (`pkill ossec-remoted && /var/ossec/bin/ossec-remoted
> -d`)
>
root@damocle:~ # pkill ossec-remoted && /var/ossec/bin/ossec-remoted -d
2019/02/19 13:16:50 ossec-remoted: DEBUG: Starting ...

I see packets coming via tcpdump and nothing in the logs. Does remoted
log to stderr?

I'm still getting those packets (see below) and see nothing in the logs.

192.168.134.18.36616 > 192.168.134.5.fujitsu-dtcns: UDP, length 73
0x0000: 4500 0065 dcdd 0000 3f11 1142 c0a8 8612 E..e....?..B....
0x0010: c0a8 8605 8f08 05ea 0051 8e8f 3a98 5bc9 .........Q..:.[.
0x0020: bea2 a7d6 f1c2 b86a b27f adb2 6316 ca4b .......j....c..K
0x0030: cb0b 5c65 7cf2 fea6 27c0 6fa4 5e5d 52ff ..\e|...'.o.^]R.
0x0040: ee67 29fb 6158 d480 e928 38f0 fcf5 2740 .g).aX...(8...'@
0x0050: d03a 6acf 3c88 dc39 d330 4815 a4d9 dc62 .:j.<..9.0H....b
0x0060: abe0 493c b4 ..I<.
Thanks again for any clue,
Luciano.
--
/"\ /Via A. Salaino, 7 - 20144 Milano (Italy)
\ / ASCII RIBBON CAMPAIGN / PHONE : +39 2 485781 FAX: +39 2 48578250
X AGAINST HTML MAIL / E-MAIL: [email protected]
/ \ AND POSTINGS / WWW: http://www.lesassaie.IT/