On Thu, Apr 11, 2019 at 8:17 AM Abid Raza
<[email protected]> wrote:
>
> Hi,
>
> I can see the keys in the client.keys file. Could you please let me know the 
> steps to check the OSSEC Traffic you mentioned in your last email?
>

Replace INTERFACE with the name of your network interface.

`sudo tcpdump -nni INTERFACE udp and port 1514`

This causes tcpdump to not translate hostnames and port numbers,
listen on INTERFACE,
and only display udp traffic on port 1514.

> On Tuesday, 9 April 2019 17:19:35 UTC+5, dan (ddpbsd) wrote:
>>
>> On Tue, Apr 9, 2019 at 3:09 AM Abid Raza
>> <[email protected]> wrote:
>> >
>> > Hi,
>> >
>> > List-agents -n shows nothing. Please see the attached snapshot.
>>
>> That's strange. Verify the agents are added by checking
>> `/var/ossec/etc/client.keys` (don't post that, it has secrets)
>> Nothing related in the ossec.log that I saw, but images are much
>> harder to parse than text.
>> I don't see anything relevant in the tcpdump output. Please look for
>> OSSEC traffic (udp port 1514); bootp and dns aren't very helpful.
>>
>> > Yes, I added the agent on the OSSEC server, copied the key from the OSSEC 
>> > server and pasted it on the OSSEC agent, which is my Active Directory Windows Server.
>> > Attached is the screenshot of the osseclog file. Please review it.
>> > Attached is the snapshot of TCP Dump. Please review it.
>> >
>> > Please let me know if any additional information is required.
>> >
>> > Thanks
>> >
>> >
>> > On Monday, 8 April 2019 23:00:17 UTC+5, dan (ddpbsd) wrote:
>> >>
>> >> On Mon, Apr 8, 2019 at 10:13 AM Abid Raza
>> >> <[email protected]> wrote:
>> >> >
>> >> > Team,
>> >> >
>> >> > I have recently installed a standalone OSSEC 3.2 Server and added my 
>> >> > Active Directory servers as agents. I have also installed OSSEC Agent 
>> >> > v3.2 on my Domain Controllers and started the agent service.
>> >> >
>> >> > I don't see any logs in the archive.log or ossec.log file. Furthermore, 
>> >> > when I run the command /var/ossec/bin/list_agents -c, it shows me "Not 
>> >> > agents are available"
>> >> >
>> >>
>> >> Does `/var/ossec/bin/list_agents -n` show you anything?
>> >> Did you add the agents to the OSSEC server, export the keys, and
>> >> import the keys on the agents?
>> >> Is there anything related in the ossec.log of either the agents or the 
>> >> server?
>> >> Using tcpdump on the OSSEC server, make sure packets from the agents
>> >> are making it to the server. Make sure the server is responding to
>> >> those agents.
>> >>
>> >> > Could you please help me if I am missing any configuration, as I am new 
>> >> > to OSSEC.
>> >> >
>> >> > Thanks
>> >> > Abid
>> >> >
>> >> > --
>> >> >
>> >> > ---
>> >> > You received this message because you are subscribed to the Google 
>> >> > Groups "ossec-list" group.
>> >> > To unsubscribe from this group and stop receiving emails from it, send 
>> >> > an email to [email protected].
>> >> > For more options, visit https://groups.google.com/d/optout.
>> >

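The check discussed in this thread (agent packets reaching the server on udp port 1514, and the server answering those agents) can be read per agent from saved tcpdump text output. The following is an added example, not part of the thread or of OSSEC: the function names, status labels and the sample capture with 192.0.2.x addresses are constructed for illustration, and it assumes tcpdump's default one-line IPv4 text output as produced with `-nn`.

```shell
#!/bin/sh
# Summarise `tcpdump -nn ... udp and port 1514` text output per agent.
# Usage: ossec_traffic_summary SERVER_IP < capture.txt
# (hypothetical helper; SERVER_IP is the OSSEC server's own address)
ossec_traffic_summary() {
    awk -v server="$1" '
    # Strip the trailing ":" and ".port" from a tcpdump address field.
    function host(addr) {
        sub(/:$/, "", addr)
        sub(/\.[0-9]+$/, "", addr)
        return addr
    }
    # IPv4 lines look like: TIME IP SRC.PORT > DST.PORT: UDP, length N
    $2 == "IP" && $4 == ">" {
        src = host($3); dst = host($5)
        if (dst == server)      { seen[src] = 1; to_srv[src]++ }
        else if (src == server) { seen[dst] = 1; from_srv[dst]++ }
    }
    END {
        for (a in seen) {
            status = "OK"
            if (!to_srv[a])        status = "NO_AGENT_TRAFFIC"
            else if (!from_srv[a]) status = "NO_SERVER_REPLY"
            printf "%s to_server=%d from_server=%d %s\n",
                   a, to_srv[a], from_srv[a], status
        }
    }' | sort
}

# Constructed sample capture: one agent gets replies, one does not.
sample_capture() {
    cat <<'EOF'
10:00:01.000001 IP 192.0.2.10.50321 > 192.0.2.1.1514: UDP, length 73
10:00:01.000410 IP 192.0.2.1.1514 > 192.0.2.10.50321: UDP, length 73
10:00:02.100000 IP 192.0.2.20.51000 > 192.0.2.1.1514: UDP, length 73
10:00:08.100000 IP 192.0.2.20.51000 > 192.0.2.1.1514: UDP, length 73
EOF
}

# Demo run on the constructed capture (server address 192.0.2.1).
sample_capture | ossec_traffic_summary 192.0.2.1
```

An agent that never appears in the summary is not reaching the server at all, while `NO_SERVER_REPLY` means its packets arrive but the server is not answering that address.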
