Greetings:
I got past the error of agents connecting by doing the following:
1. In the remote section of the server ossec.conf use the local_ip
setting to fix the IP as the pubic ip. Given that netstat -lnupe |
grep :1514 showed ossec-remoted listening on ALL ports, this should
not have been
- --[ UxBoD ]-- ux...@splatnix.net wrote:
| - Michael Starks ossec-l...@michaelstarks.com wrote:
|
| | Well it appears to not be port scanning which brings down the
| | connections :(
| |
| | All agents disconnected again today at exactly the same time as
| | yesterday. I have
Hi
The link to installing Ossec on Centos does not work. And my installation does
not work either.
Robert Lourenco
security technician
[cid:image001.png@01CA83DA.AF997760]
direct tel
+27 11 581 1260
cell
+27 72 250 9389
direct fax
+27 86 579 9398
e-mail
How did you do the transition? Did you install OSSEC server on the Xen system,
then add the clients to it and move them over?
Each client keeps track of (I think) how many messages it has sent to
the server.
The server also tracks this. That way if a client sends a message
labeled as #14
again
Are you seeing that message for all agents or just some?
Are there any common factors among the agents that have this problem
(ie. Windows only, Linux only, etc.)?
Can you try setting the allowed-ips directive in the server's ossec.conf?
On Tue, Dec 22, 2009 at 5:30 PM, Peter M. Abraham
On Wed, Dec 23, 2009 at 12:17 PM, Robert Lourenco
rob...@tradebridge.co.zawrote:
Hi
The link to installing Ossec on Centos does not work. And my installation
does not work either.
Diagnostics would help :)
--
$ echo kpfmAdpoofdufevq/dp/vl | perl -pe 's/(.)/chr(ord($1)-1)/ge'
Hello,
I found weird behaviour (bug or feature?).
If I specify named pipe to monitor
localfile
log_formatsyslog/log_format
location/var/log/squid/access.log/location
/localfile
ossec-monitord process keeps monitoring only this file switching
between wait and read. That's right no