On Tue, Apr 9, 2019 at 3:09 AM Abid Raza <[email protected]> wrote: > > Hi, > > List-agents -n shows nothing. Please see the attached snapshot.
That's strange. Verify the agents are added by checking `/var/ossec/etc/client.keys` (don't post that, it has secrets) Nothing related in the ossec.log that I saw, but images are much harder to parse than text. I don't see anything relevant in the tcpdump output. Please look for OSSEC traffic (udp port 1514), bootp and dns isn't very helpful. > Yes, I added agent in the OSSEC Server, Copy the key from OSSEC server and > paste it on the OSSEC Agent which is my Active Directory Windows Server. > Attached is the screen shot of the osseclog file. Please review it. > Attached is the snapshot of TCP Dump. Please review it. > > Please let me know if there is any additional information is required. > > Thanks > > > On Monday, 8 April 2019 23:00:17 UTC+5, dan (ddpbsd) wrote: >> >> On Mon, Apr 8, 2019 at 10:13 AM Abid Raza >> <[email protected]> wrote: >> > >> > Team, >> > >> > I have recently installed an standalone OSSEC 3.2 Server and added my >> > Active Directory servers as agents. I have also installed OSSEC AGent v3.2 >> > or my Domain Controllers and started the agent service. >> > >> > I don't see any logs in the archive.log or ossec.log file. Furthermore, >> > When I run the command /var/ossec/bin/list_agents -c, it shows me "Not >> > agents are available" >> > >> >> Does `/var/ossec/bin/list_agents -n` show you anything? >> Did you add the agents to the OSSEC server, export the keys, and >> import the keys on the agents? >> Is there anything related in the ossec.log of either the agents or the >> server? >> Using tcpdump on the OSSEC server, make sure packets from the agents >> are making it to the server. Make sure the server is responding to >> those agents. >> >> > Could you please help me if I am missing any configuration as I am new in >> > the OSSEC. >> > >> > Thanks >> > Abid >> > >> > -- >> > >> > --- >> > You received this message because you are subscribed to the Google Groups >> > "ossec-list" group. >> > To unsubscribe from this group and stop receiving emails from it, send an >> > email to [email protected]. >> > For more options, visit https://groups.google.com/d/optout. > > -- > > --- > You received this message because you are subscribed to the Google Groups > "ossec-list" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > For more options, visit https://groups.google.com/d/optout. -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
