I want to monitor the last connections on a server.
I am configuring the last -10 command on an ossec.conf client
full_command
last 10
60
I need the output of this command to be sent to the ossec server, but I
am not seeing any alert on the ossec wui.
can i need to configure
On Mon, Oct 3, 2016 at 6:07 PM, R0me0 *** wrote:
> Hello dan !
>
> Real monitoring still not working, but it could be regarding my ossec server
> running 2.8.3. After I upgraded agent to 2.9 ( which is that cloned ) it
> stopped to make sums ( md5 sha1 ) so I think is
Hi,
it looks like a firewall issue. You could run tcpdump on the Manager to see
if there is a connection between the manager and the agent.
Regards.
On Monday, October 3, 2016 at 10:02:52 AM UTC+2, Ali Khan wrote:
>
> Hi All,
>
> I am trying to use ossec-authd and agent-authd for auto agent
I'm not familiar with RRAS or Radius. If you share the logs, we can help
with decoders and rules for the events that you need.
On Monday, October 3, 2016 at 6:11:37 PM UTC+2, namobud...@gmail.com wrote:
>
> It looks like I want to monitor for windows event log source entries that
> have keyword
Hi again,
I don't really understand how it works if you don't have any OSSEC
listening to 1514, maybe you are mistaking the hosts. On my labs if I run
*netstat -tunlp*
The output for OSSEC will be:
> *udp 0 0 0.0.0.0:1514 0.0.0.0:*
>
I don't think so. Check out the ossec.log of the agents that don't connect
to the Manager. Usually they do not connect due to: firewall, bad key or
duplicate counters (rids). The hostname should not be a problem.
On Friday, September 30, 2016 at 2:56:28 PM UTC+2, EvilZ wrote:
>
> Hi everyone i
Hi Jon,
This is an interesting test, I think we can get a lot of useful information
from here.
In my experience the bottleneck is probably on the remoted socket/buffer or
logcollector speed performance to read each log line.
For Remoted, try to enable debug mode at the agent,
Hi Pedro,
I have already done all these things. Your netstat results and mine are the
same. 1515 is in listening state and 1514 is also there. Sorry, since
it (1514) is a udp port, how can it be in listening mode. My bad.
udp 0 0 0.0.0.0:1514 0.0.0.0:* 27560/ossec-remoted