Unable to connect with agent


Akash Munjal

May 11, 2017, 8:56:26 AM
to ossec-list

Hi All,

I cannot receive alerts from this agent (ID: 1024). When I check the status, it looks like this.

Please help me out.


/var/ossec/bin/agent_control -i 1024

OSSEC HIDS agent_control. Agent information:
   Agent ID:   1024
   Agent Name: MMTC_UAT_APP1_X.X.X.X
   IP address: any/any
   Status:     Never connected

   Operating system:    Unknown
   Client version:      Unknown
   Last keep alive:     Unknown

   Syscheck last started  at: Unknown
   Rootcheck last started at: Unknown


Warm Regards.
Akashdeep Munjal

dan (ddp)

May 11, 2017, 8:49:27 PM
to ossec...@googlegroups.com
You can use tcpdump or a similar sniffing program to see if there is
traffic between the systems (ossec server and agent).
Restart the ossec server in debug mode (`/var/ossec/bin/ossec-control
enable debug && /var/ossec/bin/ossec-control restart`) and check the
ossec.log for details.


Akash Munjal

May 12, 2017, 4:45:41 AM
to ossec-list
Hi dan,

Thanks for the response. I tried this, but the problem remains the same.
If you have another method to solve this, please share.

Best Regards,
Akashdeep Munjal

dan (ddp)

May 12, 2017, 7:53:49 PM
to ossec...@googlegroups.com
On Fri, May 12, 2017 at 4:45 AM, Akash Munjal <akashmu...@gmail.com> wrote:
> Hi dan,
>
> Thanks for the response. I tried this, but problem remains same.
> If you have another method to solve this please share.
>

I would have to find out what the problem is first.
You tried what?
What were the results?
Without any information I cannot help much.

> Best Regards,

Akash Munjal

May 16, 2017, 9:22:21 AM
to ossec-list
Hi Dan, the problem has been resolved now.

Thanks for your help.

Akash Munjal

May 16, 2017, 9:33:15 AM
to ossec-list
Hi Dan,

I want to know how the OSSEC manager finds out that an agent is disconnected.
Not by the "/var/ossec/bin/agent_control -lc" command.
I mean by their connection (or communication).

Pedro Sanchez

May 17, 2017, 4:35:50 AM
to ossec...@googlegroups.com
An agent is connected if the manager received a keep alive in the past 30 minutes.
The agent sends (by default) a keep alive message every 10 minutes. Every time the manager gets a new keep alive, it updates an internal file for that particular agent. If the agent doesn't reach the manager after three tries (30 minutes), the manager will identify that agent as "Disconnected".

For agent_control and, in general, the disconnected/connected status is calculated by getting the last modification date of the agent-info files located in:

/var/ossec/queue/agent-info/

If the difference between an agent-info file and the current time is greater than 30 minutes, the manager "switches" the status of that agent to Disconnected.

One funny trick is to manually update all the files in the agent-info folder, then run agent_control -lc and see how all your agents seem "Active", haha.

Regards,
Pedro Sanchez.
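
The status calculation Pedro describes, as an added example that is not part of any post in this thread and is not OSSEC's own code: it reads the modification times under /var/ossec/queue/agent-info/ and applies the 30-minute rule. The function names and the same-second check are assumptions of this example; the check is a heuristic for noticing that several files were updated by hand at once, in which case the "Active" status should be confirmed with a traffic capture.

```python
import os
import time
from collections import defaultdict

AGENT_INFO_DIR = "/var/ossec/queue/agent-info"  # path given in the post above
DISCONNECT_AFTER = 30 * 60  # seconds; the 30-minute window from the post


def agent_status(info_dir=AGENT_INFO_DIR, now=None, limit=DISCONNECT_AFTER):
    """Return {file name: (status, age in seconds, mtime)} from file mtimes."""
    now = time.time() if now is None else now
    result = {}
    for entry in os.scandir(info_dir):
        if not entry.is_file():
            continue
        mtime = entry.stat().st_mtime
        age = now - mtime
        # "greater than 30 minutes" means Disconnected; exactly 30 is still Active
        status = "Disconnected" if age > limit else "Active"
        result[entry.name] = (status, int(age), mtime)
    return result


def shared_mtimes(statuses, min_group=3):
    """Heuristic (assumption of this example): list groups of agent-info files
    whose mtime falls in the same second. Keep-alives from different agents
    normally arrive at different times, so a large group deserves a second look."""
    groups = defaultdict(list)
    for name, (_, _, mtime) in statuses.items():
        groups[int(mtime)].append(name)
    return [sorted(names) for names in groups.values() if len(names) >= min_group]


if __name__ == "__main__":
    statuses = agent_status()
    for name, (status, age, _) in sorted(statuses.items()):
        print(f"{name:40} {status:12} last update {age // 60} min ago")
    for names in shared_mtimes(statuses):
        print("updated in the same second, verify with a capture:", ", ".join(names))
```
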


Akash Munjal

May 17, 2017, 6:55:32 AM
to ossec-list
Thanks Pedro, really appreciated.