I want to monitor the last connections on a server.
I am configuring the last -10 command in the ossec.conf of a client
full_command
last 10
60
I need the output of this command to be sent to the ossec server, but I
am not seeing any alerts on the ossec wui.
can i need to configure
Hi Pedro,
I have already done all these things. Your netstat results and mine are the
same. 1515 is in listening state and 1514 is also there. Sorry, since
it (1514) is a udp port, how can it be in listening mode? My bad.
udp        0      0 0.0.0.0:1514      0.0.0.0:*      27560/ossec-remoted
On Mon, Oct 3, 2016 at 6:07 PM, R0me0 *** wrote:
> Hello dan!
>
> Real monitoring still not working, but it could be regarding my ossec server
> running 2.8.3. After I upgraded agent to 2.9 (which is that cloned) it
> stopped making sums (md5 sha1) so I think is
Hi Jon,
This is an interesting test, I think we can get a lot of useful information
from here.
In my experience, the bottleneck is probably on the remoted socket/buffer or
the logcollector's performance when reading each log line.
For Remoted, try to enable debug mode at the agent,
Hi again,
I don't really understand how it works if you don't have any OSSEC
listening on 1514; maybe you are mistaking the hosts. In my labs, if I run
*netstat -tunlp*
The output for OSSEC will be:
> udp        0      0 0.0.0.0:1514      0.0.0.0:*
>
I'm not familiar with RRAS or Radius. If you share the logs, we can help
with decoders and rules for the events that you need.
On Monday, October 3, 2016 at 6:11:37 PM UTC+2, namobud...@gmail.com wrote:
>
> It looks like I want to monitor for windows event log source entries that
> have keyword
I don't think so. Check out the ossec.log of the agents that don't connect
to the Manager. Usually they do not connect due to: firewall, bad key or
duplicate counters (rids). The hostname should not be a problem.
On Friday, September 30, 2016 at 2:56:28 PM UTC+2, EvilZ wrote:
>
> Hi everyone i
Hi,
It looks like a firewall issue. You could run tcpdump on the Manager to see
if there is a connection between the manager and the agent.
Regards.
On Monday, October 3, 2016 at 10:02:52 AM UTC+2, Ali Khan wrote:
>
> Hi All,
>
> I am trying to use ossec-authd and agent-authd for auto agent