Atomicorp

What version of OSSEC?

Were onto the 0.104.x tree, we werent planning to support 0.103.x. Are you unable to use 0.104.x?

1.after entering the server ip and the key how do i continue to connect them and make sure they are connected? The agent runs as a service, and will keep the agent connected to the hub as long as its running on the client. 2. how do i activate the program itself on the windows 10 agent? The installe...

Whats the specific message your OS generating?

On many distros, the python binary will be named after the version, for example the binary name may be:

python3.9

Instead of python.

If youre using Apache, and want all of the capabilities of modsecurity, use 2.9.x. 3.x does not have all of the features that 2.9.x does.

If youre using nginx, youll have to use 3.x, 2.9.x is not very stable with nginx.

Yes, aum works on Ubuntu. 20.04.

Install aum and it will install modsecurity for you.

Whats your process for testing the agent?

How did you provision the key for the agent?

Should be port 1514, is it trying 1415 on your system?

Yeah, thats a better option as the OS is what sets the outbound normally.

2021/05/31 14:06:16 ossec-remoted(2202): ERROR: Error uncompressing string. That means something tried to send a message of one size, and it was actually of another. Was this a device sending messages to the syslog listener on 514, or an agent on 1514, and if the later, which version and platform?

So this error means whatevers trying to connect isnt using the right protocol (which could be anything, nmap, telnet, etc.). If thats what you were doing, thats what that means. If not, what agent and version is running on the endpoint, and was this something trying to send events to the hub for sys...

In ASL/AP v6, we no longer use mysql, that however does not deprecate any functionality in ASL/AP.

easiest way is to start remoted from the command line and start it with -d which puts into debug mode.