On Wed, Apr 24, 2019 at 10:25 AM toko123 <[email protected]> wrote:
>
> I am connected to VM via SSH on port 22.
> I believe that my OSSEC Server is running on default port. However I don't
> know how to check it.
>
`tcpdump -i ens3 -nn host 192.168.8.69 and port 1514` should give you the traffic going to and from ossec.

>
> On Wednesday, April 24, 2019 at 16:13:24 UTC+2, user dan (ddpbsd) wrote:
>>
>> On Wed, Apr 24, 2019 at 9:52 AM toko123 <[email protected]> wrote:
>> >
>> > I am getting started with OSSEC and I want to configure windows agent. I
>> > have followed the documentation and this. My server is a VM ubuntu and I
>> > want to have a Windows Agent.
>> >
>> > This is the output of active agents.
>> >
>> > /var/ossec/bin/agent_control -i 001
>> >
>> >
>> > OSSEC HIDS agent_control. Agent information:
>> >
>> > Agent ID: 001
>> >
>> > Agent Name: WindowsAgent
>> >
>> > IP address: 192.168.8.69/32
>> >
>> > Status: Never connected
>> >
>> >
>> > Operating system: Unknown
>> >
>> > Client version: Unknown
>> >
>> > Last keep alive: Unknown
>> >
>> >
>> > Syscheck last started at: Unknown
>> >
>> > Rootcheck last started at: Unknown
>> >
>> > This is list of already added agents.
>> >
>> > Available agents: ID: 001Name: WindowsAgent, IP: 192.168.8.69
>> >
>> > I thought that it may be the firewall problem but on the server side I
>> > have dropped the firewall.
>> > The IPs are taken from ifconfig command.
>> >
>> > vm:~/ossec-hids-3.2.0# tcpdump -i ens3 src 192.168.8.69
>> >
>> > tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
>> >
>> > listening on ens3, link-type EN10MB (Ethernet), capture size 262144 bytes
>> >
>> > 13:44:30.979244 IP 192.168.8.69.55341 > 10.0.0.4.ssh: Flags [.], ack
>> > >1445060350, win 16319, length 0
>> >
>> > The connection seems to be working.
>> >
>>
>> Is your ossec server running on port 22?
>>
>> > Any ideas?
>> >
>> >
>> > --
>> >
>> > ---
>> > You received this message because you are subscribed to the Google Groups
>> > "ossec-list" group.
>> > To unsubscribe from this group and stop receiving emails from it, send an
>> > email to [email protected].
>> > For more options, visit https://groups.google.com/d/optout.
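
An added example, not part of the original thread: a small shell helper that reads `tcpdump -nn` text output and reports whether the agent's packets are on the OSSEC port from the command above (1514) or only on other ports such as SSH. The function name `classify_capture` is hypothetical, and the two packets on port 1514 in the sample are constructed.

```shell
#!/bin/sh
# Added example: interpret `tcpdump -nn` text output for one agent.
# classify_capture is a hypothetical helper name; sample lines are constructed.

# Usage: tcpdump -i ens3 -nn host AGENT_IP | classify_capture AGENT_IP [PORT]
classify_capture() {
    agent_ip=$1
    port=${2:-1514}
    awk -v ip="$agent_ip" -v port="$port" '
        # Only IPv4 lines of the form: TIME IP SRC.SPORT > DST.DPORT: ...
        $2 == "IP" && $4 == ">" {
            dst = $5; sub(/:$/, "", dst)
            n = split($3, s, "."); m = split(dst, d, ".")
            saddr = s[1] "." s[2] "." s[3] "." s[4]
            daddr = d[1] "." d[2] "." d[3] "." d[4]
            # A fifth dotted field is the port; ICMP lines have none.
            sport = (n == 5) ? s[5] : ""
            dport = (m == 5) ? d[5] : ""
            if (saddr == ip && dport == port)      to_srv++
            else if (daddr == ip && sport == port) from_srv++
            else if (saddr == ip || daddr == ip)   other++
        }
        END {
            if (to_srv && from_srv) print "bidirectional"
            else if (to_srv)        print "agent-to-server-only"
            else if (from_srv)      print "server-to-agent-only"
            else if (other)         print "other-ports-only"
            else                    print "no-agent-traffic"
        }'
}

# Constructed sample: the SSH packet from the thread plus two invented packets on 1514.
sample='13:44:30.979244 IP 192.168.8.69.55341 > 10.0.0.4.ssh: Flags [.], ack 1445060350, win 16319, length 0
13:45:02.101010 IP 192.168.8.69.50321 > 10.0.0.4.1514: UDP, length 73
13:45:02.105050 IP 10.0.0.4.1514 > 192.168.8.69.50321: UDP, length 41'

printf '%s\n' "$sample" | head -n 1 | classify_capture 192.168.8.69   # SSH packet only
printf '%s\n' "$sample" | classify_capture 192.168.8.69               # all three packets
```

A result of `other-ports-only` means the capture shows the host is reachable but says nothing about OSSEC traffic, which is the situation in the capture quoted above.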
