PFA the result.

On Saturday, 13 April 2019 07:08:51 UTC+5, dan (ddpbsd) wrote:
> On Thu, Apr 11, 2019 at 8:17 AM Abid Raza <[email protected]> wrote:
> >
> > Hi,
> >
> > I can see the keys in the client.keys file. Could you please let me know the steps to check the OSSEC traffic you mentioned in your last email?
>
> Replace INTERFACE with the name of your network interface.
>
> `sudo tcpdump -nni INTERFACE udp and port 1514`
>
> This causes tcpdump to not translate hostnames and port numbers, listen on INTERFACE, and only display udp traffic on port 1514.
>
> > On Tuesday, 9 April 2019 17:19:35 UTC+5, dan (ddpbsd) wrote:
> >> On Tue, Apr 9, 2019 at 3:09 AM Abid Raza <[email protected]> wrote:
> >> >
> >> > Hi,
> >> >
> >> > List-agents -n shows nothing. Please see the attached snapshot.
> >>
> >> That's strange. Verify the agents are added by checking `/var/ossec/etc/client.keys` (don't post that, it has secrets).
> >> Nothing related in the ossec.log that I saw, but images are much harder to parse than text.
> >> I don't see anything relevant in the tcpdump output. Please look for OSSEC traffic (udp port 1514), bootp and dns isn't very helpful.
> >>
> >> > Yes, I added the agent in the OSSEC Server, copied the key from the OSSEC server and pasted it on the OSSEC Agent, which is my Active Directory Windows Server.
> >> > Attached is the screenshot of the ossec.log file. Please review it.
> >> > Attached is the snapshot of the TCP dump. Please review it.
> >> >
> >> > Please let me know if any additional information is required.
> >> >
> >> > Thanks
> >> >
> >> > On Monday, 8 April 2019 23:00:17 UTC+5, dan (ddpbsd) wrote:
> >> >> On Mon, Apr 8, 2019 at 10:13 AM Abid Raza <[email protected]> wrote:
> >> >> >
> >> >> > Team,
> >> >> >
> >> >> > I have recently installed a standalone OSSEC 3.2 Server and added my Active Directory servers as agents. I have also installed OSSEC Agent v3.2 on my Domain Controllers and started the agent service.
> >> >> >
> >> >> > I don't see any logs in the archive.log or ossec.log file. Furthermore, when I run the command /var/ossec/bin/list_agents -c, it shows me "Not agents are available"
> >> >>
> >> >> Does `/var/ossec/bin/list_agents -n` show you anything?
> >> >> Did you add the agents to the OSSEC server, export the keys, and import the keys on the agents?
> >> >> Is there anything related in the ossec.log of either the agents or the server?
> >> >> Using tcpdump on the OSSEC server, make sure packets from the agents are making it to the server. Make sure the server is responding to those agents.
> >> >>
> >> >> > Could you please help me if I am missing any configuration, as I am new to OSSEC.
> >> >> >
> >> >> > Thanks
> >> >> > Abid
--
---
You received this message because you are subscribed to the Google Groups "ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [email protected].
For more options, visit https://groups.google.com/d/optout.
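
The check suggested in the thread (agent packets reach the server on udp port 1514, and the server answers them) can be tallied per agent from the tcpdump text output. The script below is an added example, not part of the original messages or of OSSEC; the function names, the status labels and the sample capture lines are constructed for illustration, and it assumes IPv4 lines as printed by `tcpdump -nn`.

```shell
#!/bin/sh
# Summarise `tcpdump -nn ... udp and port 1514` output per agent address.
# Live use (on the OSSEC server), with the agents you expect as arguments:
#   sudo tcpdump -nni INTERFACE -l -c 200 udp and port 1514 | ossec_flow_summary AGENT_IP...
ossec_flow_summary() {
    awk -v expected="$*" '
    # An endpoint looks like "192.0.2.10.53211" or "192.0.2.1.1514:".
    function host(ep) { sub(/\.[0-9]+:?$/, "", ep); return ep }
    function port(ep) { sub(/:$/, "", ep); sub(/^.*\./, "", ep); return ep }
    # Pre-register expected agents so silent ones still get a line.
    BEGIN { n = split(expected, e, " "); for (k = 1; k <= n; k++) seen[e[k]] = 1 }
    $2 == "IP" && $4 == ">" {
        if (port($5) == "1514")      { a = host($3); rx[a]++; seen[a] = 1 }  # agent -> server
        else if (port($3) == "1514") { a = host($5); tx[a]++; seen[a] = 1 }  # server -> agent
    }
    END {
        for (a in seen) {
            if (rx[a] > 0 && tx[a] > 0) s = "OK"          # traffic in both directions
            else if (rx[a] > 0)         s = "NO_REPLY"    # server never answered this agent
            else if (tx[a] > 0)         s = "REPLY_ONLY"  # capture missed the agent side
            else                        s = "NO_TRAFFIC"  # nothing from the agent arrived
            printf "%s agent_to_server=%d server_to_agent=%d %s\n", a, rx[a], tx[a], s
        }
    }' | sort
}

# Constructed sample capture (documentation addresses, server = 192.0.2.1).
sample_capture() {
    cat <<'EOF'
07:08:51.100001 IP 192.0.2.10.53211 > 192.0.2.1.1514: UDP, length 73
07:08:51.100950 IP 192.0.2.1.1514 > 192.0.2.10.53211: UDP, length 73
07:08:57.200310 IP 192.0.2.10.53211 > 192.0.2.1.1514: UDP, length 105
07:09:02.412345 IP 192.0.2.20.49822 > 192.0.2.1.1514: UDP, length 73
07:09:08.412991 IP 192.0.2.20.49822 > 192.0.2.1.1514: UDP, length 73
EOF
}

# Demo run: 192.0.2.30 is an expected agent that never appears in the capture.
sample_capture | ossec_flow_summary 192.0.2.30
```

A `NO_TRAFFIC` line points at the network path or the agent service, while `NO_REPLY` means the packets arrive and the next place to look is the server side (`client.keys` and `ossec.log`, as discussed in the thread).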
