On Wed, Feb 27, 2019 at 12:20 PM Luciano Mannucci <[email protected]> wrote: > > On Tue, 19 Feb 2019 15:08:17 +0100 > Luciano Mannucci <[email protected]> wrote: > > > I see packets coming via tcpdump and nothing in the logs. Does remoted > > log to stderr? > Ok, I start a new approach not to interfere with existing and running > ooserc. I've installed a brand new server, inserted the client via > manage_clients, extracted an deployed the key. I see packets coming to > the servers an now, if I run > > ~ossec/bin/ossec-remoted -d -f > > I get a bunch of lines like this: > > 2019/02/27 18:12:49 ossec-remoted(1403): ERROR: Incorrectly formatted message > from '212.45.144.123'. > > ending with: > 2019/02/27 18:16:33 ossec-remoted(2202): ERROR: Error uncompressing string. > > And it starts over and over. > > Do I have any chance to investigate further? >
Start grepping for the error messages. The uncompressing error appears in: os_crypto/shared/msgs.c Which uses zlib. I'm not sure if the FreeBSD port uses the system zlib or the bundled one. I'm pretty sure the bundled one hasn't been tested on FreeBSD/ppc64. I'm pretty sure OSSEC hasn't been tested on FreeBSD/ppc64. > Thanks again, > > Luciano. > -- > /"\ /Via A. Salaino, 7 - 20144 Milano (Italy) > \ / ASCII RIBBON CAMPAIGN / PHONE : +39 2 485781 FAX: +39 2 48578250 > X AGAINST HTML MAIL / E-MAIL: [email protected] > / \ AND POSTINGS / WWW: http://www.lesassaie.IT/ > > -- > > --- > You received this message because you are subscribed to the Google Groups > "ossec-list" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > For more options, visit https://groups.google.com/d/optout. -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
