I am getting started with OSSEC and i want to configure windows agent. I have followed the documentation <https://ossec-docs.readthedocs.io/en/latest/manual/agent/agent-management.html> and this <https://www.digitalocean.com/community/tutorials/how-to-monitor-ossec-agents-using-an-ossec-server-on-ubuntu-14-04#step-6-%E2%80%94-import-the-key-from-server-to-agent>. My server is a VM ubuntu and I want to have an Windows Agent.
This is the output of active agents. /var/ossec/bin/agent_control -i 001 OSSEC HIDS agent_control. Agent information: Agent ID: 001 Agent Name: WindowsAgent IP address: 192.168.8.69/32 Status: Never connected Operating system: Unknown Client version: Unknown Last keep alive: Unknown Syscheck last started at: Unknown Rootcheck last started at: Unknown This is list of already added agents. Available agents: ID: 001Name: WindowsAgent, IP: 192.168.8.69 I thounght that it may be the firewall problem but on the server side I have droped the firewall. The IP are take from ifconfig command. vm:~/ossec-hids-3.2.0# tcpdump -i ens3 src 192.168.8.69 tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on ens3, link-type EN10MB (Ethernet), capture size 262144 bytes 13:44:30.979244 IP 192.168.8.69.55341 > 10.0.0.4.ssh: Flags [.], ack >1445060350, win 16319, length 0 The connection seems to be working. Any ideas? -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
