Search found 8 matches

by pteros
Fri Jun 11, 2021 10:12 am
Forum: OSSEC
Topic: Ossec Agent stays in Never connected state
Replies: 15
Views: 4268

Re: Ossec Agent stays in Never connected state

So next take a look in /var/ossec/etc/internal_options.conf and enable the debug settings for remoted. You can do the same on the agent side for agentd, and then see if the output there is helpful at all It doesn't seem to be that hepful. I've set remoted.debug=2 and agentd.debug=2 on the machines....
by pteros
Fri Jun 11, 2021 8:05 am
Forum: OSSEC
Topic: Ossec Agent stays in Never connected state
Replies: 15
Views: 4268

Re: Ossec Agent stays in Never connected state

OK so at this point (correct me if any of these arent validated) 1. Key: Probably OK, unless theres a transcribing error. 2. remoted is listening on port UDP 1514 3. agent traffic is confirmed to be reaching the server on UDP 1514 Yes I can confirm all the 3 points above. Transcribing error is some...
by pteros
Thu Jun 10, 2021 11:56 am
Forum: OSSEC
Topic: Ossec Agent stays in Never connected state
Replies: 15
Views: 4268

Re: Ossec Agent stays in Never connected state

How did you provision the key for the agent? The very same way I did for the other agents (that are working): added the agent on the server via manage_agents, extracted the key, copied in my clipboard, restarted ossec on the server, run manage_agents on the agent and pasted the key from my clipboar...
by pteros
Fri Jun 04, 2021 10:29 am
Forum: OSSEC
Topic: Ossec Agent stays in Never connected state
Replies: 15
Views: 4268

Re: Ossec Agent stays in Never connected state

mikeshinn wrote: Thu Jun 03, 2021 3:28 pm Should be port 1514, is it trying 1415 on your system?
1514, eventually. My typo, sorry.
by pteros
Fri Jun 04, 2021 10:28 am
Forum: OSSEC
Topic: Ossec Agent stays in Never connected state
Replies: 15
Views: 4268

Re: Ossec Agent stays in Never connected state

Hello, This error usually occurs when you have mistakes in config file, or if you have not given the proper key. Follow this, 1) go to rids folder in your ossec agent folder and delete the file with agent id you have just added eg. "001". If dont have any other agents simply delete all. 2...
by pteros
Thu Jun 03, 2021 9:37 am
Forum: OSSEC
Topic: Ossec Agent stays in Never connected state
Replies: 15
Views: 4268

Re: Ossec Agent stays in Never connected state

The latter. It is trying to speak through port 1415.
This is the version:

Code: Select all

./ossec-agentd -V
 
OSSEC HIDS v3.6.0 - OSSEC Foundation
by pteros
Mon May 31, 2021 8:09 am
Forum: OSSEC
Topic: Ossec Agent stays in Never connected state
Replies: 15
Views: 4268

Re: Ossec Agent stays in Never connected state

ok, I started it with -d -d -d -f and got: 2021/05/31 14:06:06 ossec-remoted(1403): ERROR: Incorrectly formatted message from '212.45.144.123'. 2021/05/31 14:06:12 ossec-remoted(1403): ERROR: Incorrectly formatted message from '212.45.144.123'. 2021/05/31 14:06:16 ossec-remoted(2202): ERROR: Error u...
by pteros
Thu May 20, 2021 12:58 pm
Forum: OSSEC
Topic: Ossec Agent stays in Never connected state
Replies: 15
Views: 4268

Ossec Agent stays in Never connected state

Hello folks, I installed an ossec-hids agent on a freebsd PPC 12.2 using the binary package, via the pkg install ossec-hids-agent. Now I have a ossec-hids-agent-3.6.0_1 up and running, but it is not seen by the server which is seeing the other agents perfectly well (they are a bunch of freebsd intel...