Re: [ossec-list] cannot connect to ossec server on docker

2016-08-26 Thread Jose Luis Ruiz
Hi Ka-Hing Thanks for sharing! Regards --- Jose Luis Ruiz Wazuh Inc. j...@wazuh.com On August 26, 2016 at 9:44:23 PM, Ka-Hing Cheung (kah...@gmail.com) wrote: > Figured out the problem. It's a docker bug: > https://github.com/docker/docker/issues/7540 > > On Friday, August

Re: [ossec-list] cannot connect to ossec server on docker

2016-08-26 Thread Ka-Hing Cheung
Figured out the problem. It's a docker bug: https://github.com/docker/docker/issues/7540 On Friday, August 26, 2016 at 6:34:58 PM UTC-7, jose wrote: > > Did you try to add a new key to the agent already? > > Regards > --- > Jose Luis Ruiz > Wazuh Inc. > jo...@wazuh.com > >

Re: [ossec-list] cannot connect to ossec server on docker

2016-08-26 Thread Jose Luis Ruiz
Did you try to add a new key to the agent already? Regards --- Jose Luis Ruiz Wazuh Inc. j...@wazuh.com On August 26, 2016 at 9:19:52 PM, Ka-Hing Cheung (kah...@gmail.com) wrote: > From the agent container > > On Friday, August 26, 2016 at 6:16:23 PM UTC-7, jose wrote: >> >>

Re: [ossec-list] cannot connect to ossec server on docker

2016-08-26 Thread Ka-Hing Cheung
From the agent container On Friday, August 26, 2016 at 6:16:23 PM UTC-7, jose wrote: > > Hi Ka-Hing > > When you run the command nc -u 10.0.129.94 1514, is this command run from > the agent container or the main server? > > Regards > --- > Jose Luis Ruiz > Wazuh Inc. >

Re: [ossec-list] cannot connect to ossec server on docker

2016-08-26 Thread Jose Luis Ruiz
Hi Ka-Hing When you run the command nc -u 10.0.129.94 1514, is this command run from the agent container or the main server? Regards --- Jose Luis Ruiz Wazuh Inc. j...@wazuh.com On August 26, 2016 at 7:14:50 PM, Ka-Hing Cheung (kah...@gmail.com) wrote: nc -u 10.0.129.94

Re: [ossec-list] cannot connect to ossec server on docker

2016-08-26 Thread Ka-Hing Cheung
It looks like the server is able to receive the messages, from tcpdump 23:10:06.123099 IP (tos 0x0, ttl 64, id 3755, offset 0, flags [DF], proto UDP (17), length 106) 172.17.42.1.54099 > 172.17.11.152.1514: UDP, length 78 23:10:06.123376 IP (tos 0x0, ttl 64, id 31027, offset 0, flags [DF],

Re: [ossec-list] cannot connect to ossec server on docker

2016-08-26 Thread Ka-Hing Cheung
Hi Jose, 3d71dacc22e0 etleap/ossec:latest "/usr/bin/supervisor 20 hours ago Up 3 hours 0.0.0.0:1514->1514/udp, 0.0.0.0:1515->1515/tcp ossec Again, I can use nc to manually send a UDP packet to the server

Re: [ossec-list] cannot connect to ossec server on docker

2016-08-26 Thread Jose Luis Ruiz
Hi Ka-hing First of all we need to know which command you use to run the container in order to know which ports you are mapping. Regards --- Jose Luis Ruiz Wazuh Inc. j...@wazuh.com On August 26, 2016 at 5:11:03 PM, Ka-Hing Cheung (kah...@gmail.com) wrote: > I have ossec

Re: [ossec-list] cannot connect to ossec server on docker

2016-08-26 Thread Ka-Hing Cheung
I can try that, but why do you think that's the problem? The server is not logging any connection attempt at all. On Friday, August 26, 2016 at 3:41:02 PM UTC-7, Eero Volotinen wrote: > > Try creating client key with correct ip address.. > > 27.8.2016 12.35 AM "Ka-Hing Cheung"

Re: [ossec-list] cannot connect to ossec server on docker

2016-08-26 Thread Eero Volotinen
Try creating client key with correct ip address.. 27.8.2016 12.35 AM "Ka-Hing Cheung" wrote: > I have ossec server and agent running in two different docker images. The > agent is not able to connect to the server: > > > 2016/08/26 20:56:25 ossec-agentd: INFO: Trying to

[ossec-list] cannot connect to ossec server on docker

2016-08-26 Thread Ka-Hing Cheung
I have ossec server and agent running in two different docker images. The agent is not able to connect to the server: 2016/08/26 20:56:25 ossec-agentd: INFO: Trying to connect to server (ossec. domain/10.0.129.94:1514). 2016/08/26 20:56:25 ossec-agentd: INFO: Using IPv4 for: 10.0.129.94 .

Re: [ossec-list] Modify rules.xml files best practice

2016-08-26 Thread dan (ddp)
On Fri, Aug 26, 2016 at 9:39 AM, Derek Day wrote: > I have hopefully an easily answered question regarding modifying some of the > rules.xml files that come with ossec. I guess my question centers around, > what is the best practice for doing something like that? I want to

[ossec-list] Modify rules.xml files best practice

2016-08-26 Thread Derek Day
I have hopefully an easily answered question regarding modifying some of the rules.xml files that come with ossec. I guess my question centers around, what is the best practice for doing something like that? I want to give certain Windows event IDs higher levels and lower certain other ones.