root-laptop:/var/ossec/logs# /var/ossec/bin# cat
/etc/ossec-init.conf
-bash: /var/ossec/bin#: No such file or
directory
root-laptop:/var/ossec/logs# cat /etc/ossec-init.conf
DIRECTORY="/var/ossec"
VERSION="v3.6.0"
DATE="Sat
11 Jun 2022 03:51:41 PM
EDT"
TYPE="server"
root-laptop:/var/ossec/bin#
cat /var/ossec/etc/ossec.conf
root-laptop:/var/ossec/logs# cat
/etc/ossec-init.conf
DIRECTORY="/var/ossec"
VERSION="v3.6.0"
DATE="Sat
11 Jun 2022 03:51:41 PM
EDT"
TYPE="server"
root-laptop:/var/ossec/logs#
cat /var/ossec/etc/ossec.conf
<ossec_config>
<!-- Server-side OSSEC configuration, as printed by
cat /var/ossec/etc/ossec.conf on the host whose /etc/ossec-init.conf reports TYPE="server". -->
<global>
<!-- E-mail alerting is off. No other alert output is configured in this file,
so alerts have to be read from the server's own alert logs. -->
<email_notification>no</email_notification>
</global>
<!-- Rule files, listed in the order ossec-analysisd reads them (ossec.log shows the
same sequence). local_rules.xml is last, the usual place for site-specific rules. -->
<rules>
<include>rules_config.xml</include>
<include>pam_rules.xml</include>
<include>sshd_rules.xml</include>
<include>telnetd_rules.xml</include>
<include>syslog_rules.xml</include>
<include>arpwatch_rules.xml</include>
<include>symantec-av_rules.xml</include>
<include>symantec-ws_rules.xml</include>
<include>pix_rules.xml</include>
<include>named_rules.xml</include>
<include>smbd_rules.xml</include>
<include>vsftpd_rules.xml</include>
<include>pure-ftpd_rules.xml</include>
<include>proftpd_rules.xml</include>
<include>ms_ftpd_rules.xml</include>
<include>ftpd_rules.xml</include>
<include>hordeimp_rules.xml</include>
<include>roundcube_rules.xml</include>
<include>wordpress_rules.xml</include>
<include>cimserver_rules.xml</include>
<include>vpopmail_rules.xml</include>
<include>vmpop3d_rules.xml</include>
<include>courier_rules.xml</include>
<include>web_rules.xml</include>
<include>web_appsec_rules.xml</include>
<include>apache_rules.xml</include>
<include>nginx_rules.xml</include>
<include>php_rules.xml</include>
<include>mysql_rules.xml</include>
<include>postgresql_rules.xml</include>
<include>ids_rules.xml</include>
<include>squid_rules.xml</include>
<include>firewall_rules.xml</include>
<include>apparmor_rules.xml</include>
<include>cisco-ios_rules.xml</include>
<include>netscreenfw_rules.xml</include>
<include>sonicwall_rules.xml</include>
<include>postfix_rules.xml</include>
<include>sendmail_rules.xml</include>
<include>imapd_rules.xml</include>
<include>mailscanner_rules.xml</include>
<include>dovecot_rules.xml</include>
<include>ms-exchange_rules.xml</include>
<include>racoon_rules.xml</include>
<include>vpn_concentrator_rules.xml</include>
<include>spamd_rules.xml</include>
<include>msauth_rules.xml</include>
<include>mcafee_av_rules.xml</include>
<include>trend-osce_rules.xml</include>
<include>ms-se_rules.xml</include>
<!-- <include>policy_rules.xml</include> -->
<include>zeus_rules.xml</include>
<include>solaris_bsm_rules.xml</include>
<include>vmware_rules.xml</include>
<include>ms_dhcp_rules.xml</include>
<include>asterisk_rules.xml</include>
<include>ossec_rules.xml</include>
<include>attack_rules.xml</include>
<include>openbsd_rules.xml</include>
<include>clam_av_rules.xml</include>
<include>dropbear_rules.xml</include>
<include>sysmon_rules.xml</include>
<include>opensmtpd_rules.xml</include>
<include>exim_rules.xml</include>
<include>openbsd-dhcpd_rules.xml</include>
<include>dnsmasq_rules.xml</include>
<include>nsd_rules.xml</include>
<include>local_rules.xml</include>
</rules>
<!-- File integrity monitoring (syscheck). -->
<syscheck>
<!-- Interval between syscheck scans, in seconds: 79200 s = 22 hours (the default). -->
<frequency>79200</frequency>
<!-- Directories to check with every available verification. ossec.log reports the
resulting options as perm | size | owner | group | md5sum | sha1sum.
NOTE(review): no realtime attribute is set, so a change to a monitored binary is
presumably reported only at the next scheduled scan, up to 22 hours later. -->
<directories
check_all="yes">/etc,/usr/bin,/usr/sbin</directories>
<directories
check_all="yes">/bin,/sbin,/boot</directories>
<!-- Files/directories excluded from integrity checking.
NOTE(review): anything under an ignored path can change without an alert, so this
list should stay limited to files that change by design. -->
<ignore>/etc/mtab</ignore>
<ignore>/etc/mnttab</ignore>
<ignore>/etc/hosts.deny</ignore>
<ignore>/etc/mail/statistics</ignore>
<ignore>/etc/random-seed</ignore>
<ignore>/etc/adjtime</ignore>
<ignore>/etc/httpd/logs</ignore>
<ignore>/etc/utmpx</ignore>
<ignore>/etc/wtmpx</ignore>
<ignore>/etc/cups/certs</ignore>
<ignore>/etc/dumpdates</ignore>
<ignore>/etc/svc/volatile</ignore>
<!-- Windows files to ignore. Presumably inherited from the stock template; these
entries cannot match any path on this Linux host. -->
<ignore>C:\WINDOWS/System32/LogFiles</ignore>
<ignore>C:\WINDOWS/Debug</ignore>
<ignore>C:\WINDOWS/WindowsUpdate.log</ignore>
<ignore>C:\WINDOWS/iis6.log</ignore>
<ignore>C:\WINDOWS/system32/wbem/Logs</ignore>
<ignore>C:\WINDOWS/system32/wbem/Repository</ignore>
<ignore>C:\WINDOWS/Prefetch</ignore>
<ignore>C:\WINDOWS/PCHEALTH/HELPCTR/DataColl</ignore>
<ignore>C:\WINDOWS/SoftwareDistribution</ignore>
<ignore>C:\WINDOWS/Temp</ignore>
<ignore>C:\WINDOWS/system32/config</ignore>
<ignore>C:\WINDOWS/system32/spool</ignore>
<ignore>C:\WINDOWS/system32/CatRoot</ignore>
</syscheck>
<!-- Rootcheck inputs: rootkit file signatures, trojaned-binary signatures, and
system audit policy files (generic plus CIS Debian/RHEL benchmarks). -->
<rootcheck>
<rootkit_files>/var/ossec/etc/shared/rootkit_files.txt</rootkit_files>
<rootkit_trojans>/var/ossec/etc/shared/rootkit_trojans.txt</rootkit_trojans>
<system_audit>/var/ossec/etc/shared/system_audit_rcl.txt</system_audit>
<system_audit>/var/ossec/etc/shared/cis_debian_linux_rcl.txt</system_audit>
<system_audit>/var/ossec/etc/shared/cis_rhel_linux_rcl.txt</system_audit>
<system_audit>/var/ossec/etc/shared/cis_rhel5_linux_rcl.txt</system_audit>
</rootcheck>
<!-- Active response is disabled. This is why "ossec-control status" reports
"ossec-execd not running": ossec.log records
"ossec-execd(1350): INFO: Active response disabled. Exiting." each time it is started.
The daemon exits by design here; it is not the cause of the agent problem. -->
<active-response>
<disabled>yes</disabled>
</active-response>
<!-- Remote syslog listener.
NOTE(review): there is no <allowed-ips> entry, and ossec.log shows
"ossec-remoted(1501): ERROR: No IP or network allowed in the access list for syslog",
after which this listener exits. Remove the block if remote syslog is not needed;
otherwise add <allowed-ips> restricted to the specific senders, not a whole network. -->
<remote>
<connection>syslog</connection>
</remote>
<!-- Agent listener (encrypted agent protocol); ossec.log shows it bound on port 1514.
NOTE(review): the repeated "ossec-remoted(1213): WARN: Message from ... not allowed"
entries typically mean the sender's address matches no registered agent.
manage_agents lists agent 001 with IP 192.16.0.7 while the rejected messages come from
a 192.168.x.x address, which looks like a typo in the registered IP (confirm, then
re-register the agent with the correct address).
The key extracted with manage_agents is a shared secret between agent and server; a
key that has been pasted into a public report should be treated as exposed and
regenerated. -->
<remote>
<connection>secure</connection>
</remote>
<!-- Write every alert of level 1 and above to the alert log. -->
<alerts>
<log_alert_level>1</log_alert_level>
</alerts>
<!-- Local log files read by ossec-logcollector on this server. -->
<localfile>
<log_format>syslog</log_format>
<location>/var/log/auth.log</location>
</localfile>
<localfile>
<log_format>syslog</log_format>
<location>/var/log/syslog</location>
</localfile>
<localfile>
<log_format>syslog</log_format>
<location>/var/log/dpkg.log</location>
</localfile>
<localfile>
<log_format>apache</log_format>
<location>/var/log/apache2/error.log</location>
</localfile>
<localfile>
<log_format>apache</log_format>
<location>/var/log/apache2/access.log</location>
</localfile>
<!-- Command output monitored like a log: disk usage, listening TCP sockets with
loopback filtered out, and the last five logins.
NOTE(review): these commands are executed by ossec-logcollector, so write access to
this file amounts to command execution under that daemon's account; keep ossec.conf
writable by root only. -->
<localfile>
<log_format>command</log_format>
<command>df -P</command>
</localfile>
<localfile>
<log_format>full_command</log_format>
<command>netstat -tan |grep LISTEN |egrep -v '(127.0.0.1| ::1)'
| sort</command>
</localfile>
<localfile>
<log_format>full_command</log_format>
<command>last -n 5</command>
</localfile>
</ossec_config>
root-laptop:/var/ossec/bin#
uname -a
Linux laptop 5.13.0-51-generic #58~20.04.1-Ubuntu SMP
Tue Jun 14 11:29:12 UTC 2022 x86_64 x86_64 x86_64
GNU/Linux
root-laptop:/var/ossec/bin#
###
##
Any other relevant
information.
###
****************************************
*
OSSEC HIDS v3.6.0 Agent manager. *
* The following
options are available: *
****************************************
(A)dd an agent (A).
(E)xtract key for an
agent (E).
(L)ist already added agents (L).
(R)emove an agent (R).
(Q)uit.
Choose
your action: A,E,L,R or Q: e
Available agents:
ID: 001, Name: D-XPS-WIN10, IP: 192.16.0.7
Provide the ID
of the agent to extract the key (or '\q' to quit): 001
Agent
key information for '001'
is:
MDAxIEQtWFBTLVdJTjEwIDE5Mi4xNi4wLjcgNjI4YTZiNGY0YWI1YjE4MjhlOTA2NjYzZjVjMmY3ZDA2MGRjMjNkMWIyMzcwMTc4NDZkOTgwY2I2ZDZmODYxYQ==
**
Press ENTER to return to the main menu.
OSSEC HIDS
list_agents: List available agents.
Available options:
-h This help message.
-a List all agents.
-c List the connected (active) agents.
-n List the not connected (active)
agents.
root-laptop:/var/ossec/bin# /var/ossec/bin/list_agents
-c
** No agent
available.
root-laptop:/var/ossec/bin#
/var/ossec/bin/list_agents -a
** No agent
available.
root-laptop:/var/ossec/bin#
/var/ossec/bin/list_agents -n
** No agent
available.
root-laptop:/var/ossec/bin#
### The following 3 commands were all executed within 7 seconds. Note the status of
ossec-execd.
root-laptop:/var/ossec/bin# ./ossec-control
status
ossec-monitord is running...
ossec-logcollector is
running...
ossec-remoted is running...
ossec-syscheckd is
running...
ossec-analysisd is running...
ossec-execd not
running...
<<<<<<<<<<<<<<<<<<<<<
root-laptop:/var/ossec/bin#
./ossec-control restart
Killing ossec-monitord ..
Killing
ossec-logcollector ..
Killing ossec-remoted ..
Killing
ossec-syscheckd ..
Killing ossec-analysisd ..
ossec-maild
not running ..
ossec-execd not running ..
<<<<<<<<<<<<<<<<<<<
OSSEC
HIDS v3.6.0 Stopped
Starting OSSEC HIDS v3.6.0...
Started
ossec-execd...
<<<<<<<<<<<<<<<<<<
Started
ossec-analysisd...
Started ossec-logcollector...
Started
ossec-remoted...
Started ossec-syscheckd...
Started
ossec-monitord...
Completed.
root-laptop:/var/ossec/bin#
./ossec-control status
ossec-monitord is
running...
ossec-logcollector is running...
ossec-remoted
is running...
ossec-syscheckd is running...
ossec-analysisd
is running...
ossec-execd not running...
<<<<<<<<<<<<<<<<<<<
root-laptop:/var/ossec/bin#
###
server's iptables
# Default policies: drop inbound and forwarded traffic, allow everything outbound.
# NOTE(review): the DROP policy is applied before any ACCEPT rule exists, so a remote
# session used to run these commands may stall until the conntrack rule below is added.
sudo iptables -P INPUT DROP
sudo iptables -P OUTPUT ACCEPT
sudo iptables -P FORWARD DROP

# Start from an empty ruleset: flush nat, mangle and filter, then delete user chains.
sudo iptables -t nat -F
sudo iptables -t mangle -F
sudo iptables -F
sudo iptables -X

# Let replies to established or related connections back in.
# NOTE(review): there is no "-i lo" accept rule, so with INPUT policy DROP new
# connections to localhost are dropped; confirm nothing on this host relies on loopback.
sudo iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

# Inbound TCP from the single permitted source address, one rule per port.
for port in 22 8000 8089 9997; do
    sudo iptables -A INPUT -p tcp -s 192.168.a.b --dport "$port" -j ACCEPT
done

# OSSEC agent traffic on UDP 1514, to and from the same address.
# NOTE(review): only 192.168.a.b can reach the agent port; any agent on another address
# is dropped by the INPUT policy before ossec-remoted sees it. The OUTPUT rule is
# redundant while the OUTPUT policy is ACCEPT.
sudo iptables -A INPUT -p udp -s 192.168.a.b --dport 1514 -j ACCEPT
sudo iptables -A OUTPUT -p udp -d 192.168.a.b --dport 1514 -j ACCEPT
### server's ossec.log
2022/06/15
11:09:24 ossec-syscheckd: INFO: Monitoring directory: '/usr/sbin',
with options perm | size | owner | group | md5sum |
sha1sum.
2022/06/15 11:09:24 ossec-syscheckd: INFO: Monitoring
directory: '/bin', with options perm | size | owner | group | md5sum
| sha1sum.
2022/06/15 11:09:24 ossec-syscheckd: INFO: Monitoring
directory: '/sbin', with options perm | size | owner | group | md5sum
| sha1sum.
2022/06/15 11:09:24 ossec-syscheckd: INFO: Monitoring
directory: '/boot', with options perm | size | owner | group | md5sum
| sha1sum.
2022/06/15 11:09:24 ossec-syscheckd: INFO: ignoring:
'/etc/mtab'
2022/06/15 11:09:24 ossec-syscheckd: INFO: ignoring:
'/etc/mnttab'
2022/06/15 11:09:24 ossec-syscheckd: INFO:
ignoring: '/etc/hosts.deny'
2022/06/15 11:09:24 ossec-syscheckd:
INFO: ignoring: '/etc/mail/statistics'
2022/06/15 11:09:24
ossec-syscheckd: INFO: ignoring: '/etc/random-seed'
2022/06/15
11:09:24 ossec-syscheckd: INFO: ignoring: '/etc/adjtime'
2022/06/15
11:09:24 ossec-syscheckd: INFO: ignoring:
'/etc/httpd/logs'
2022/06/15 11:09:24 ossec-syscheckd: INFO:
ignoring: '/etc/utmpx'
2022/06/15 11:09:24 ossec-syscheckd:
INFO: ignoring: '/etc/wtmpx'
2022/06/15 11:09:24
ossec-syscheckd: INFO: ignoring: '/etc/cups/certs'
2022/06/15
11:09:24 ossec-syscheckd: INFO: ignoring: '/etc/dumpdates'
2022/06/15
11:09:24 ossec-syscheckd: INFO: ignoring:
'/etc/svc/volatile'
2022/06/15 11:09:24 ossec-syscheckd: INFO:
ignoring: 'C:\WINDOWS/System32/LogFiles'
2022/06/15 11:09:24
ossec-syscheckd: INFO: ignoring: 'C:\WINDOWS/Debug'
2022/06/15
11:09:24 ossec-syscheckd: INFO: ignoring:
'C:\WINDOWS/WindowsUpdate.log'
2022/06/15 11:09:24
ossec-syscheckd: INFO: ignoring: 'C:\WINDOWS/iis6.log'
2022/06/15
11:09:24 ossec-syscheckd: INFO: ignoring:
'C:\WINDOWS/system32/wbem/Logs'
2022/06/15 11:09:24
ossec-syscheckd: INFO: ignoring:
'C:\WINDOWS/system32/wbem/Repository'
2022/06/15 11:09:24
ossec-syscheckd: INFO: ignoring: 'C:\WINDOWS/Prefetch'
2022/06/15
11:09:24 ossec-syscheckd: INFO: ignoring:
'C:\WINDOWS/PCHEALTH/HELPCTR/DataColl'
2022/06/15 11:09:24
ossec-syscheckd: INFO: ignoring:
'C:\WINDOWS/SoftwareDistribution'
2022/06/15 11:09:24
ossec-syscheckd: INFO: ignoring: 'C:\WINDOWS/Temp'
2022/06/15
11:09:24 ossec-syscheckd: INFO: ignoring:
'C:\WINDOWS/system32/config'
2022/06/15 11:09:24
ossec-syscheckd: INFO: ignoring:
'C:\WINDOWS/system32/spool'
2022/06/15 11:09:24 ossec-syscheckd:
INFO: ignoring: 'C:\WINDOWS/system32/CatRoot'
2022/06/15
11:09:25 ossec-logcollector(1950): INFO: Analyzing file:
'/var/log/auth.log'.
2022/06/15 11:09:25
ossec-logcollector(1950): INFO: Analyzing file:
'/var/log/syslog'.
2022/06/15 11:09:25 ossec-logcollector(1950):
INFO: Analyzing file: '/var/log/dpkg.log'.
2022/06/15 11:09:25
ossec-logcollector(1950): INFO: Analyzing file:
'/var/log/apache2/error.log'.
2022/06/15 11:09:25
ossec-logcollector(1950): INFO: Analyzing file:
'/var/log/apache2/access.log'.
2022/06/15 11:09:25
ossec-logcollector: INFO: Monitoring output of command(360): df
-P
2022/06/15 11:09:25 ossec-logcollector: INFO: Monitoring full
output of command(360): netstat -tan |grep LISTEN |egrep -v
'(127.0.0.1| ::1)' | sort
2022/06/15 11:09:25
ossec-logcollector: INFO: Monitoring full output of command(360):
last -n 5
2022/06/15 11:09:25 ossec-logcollector: INFO: Started
(pid: 29357).
2022/06/15 11:10:26 ossec-syscheckd: INFO:
Starting syscheck scan (forwarding database).
2022/06/15
11:10:26 ossec-syscheckd: INFO: Starting syscheck database
(pre-scan).
2022/06/15 11:25:32 ossec-syscheckd: INFO: Finished
creating syscheck database (pre-scan completed).
2022/06/15
11:25:44 ossec-syscheckd: INFO: Ending syscheck scan (forwarding
database).
2022/06/15 11:26:04 rootcheck: INFO: Starting
rootcheck scan.
2022/06/15 11:40:36 rootcheck: INFO: Ending
rootcheck scan.
2022/06/15 12:57:12 ossec-execd(1226): ERROR:
Error reading XML file 'ossec.conf': XMLERR: File 'ossec.conf' not
found. (line 0).
2022/06/15 12:58:04 ossec-execd(1350): INFO:
Active response disabled. Exiting.
2022/06/15 13:20:36
rootcheck: INFO: Starting rootcheck scan.
2022/06/15 13:34:42
rootcheck: INFO: Ending rootcheck scan.
2022/06/15 13:34:42
ossec-syscheckd: INFO: Starting syscheck scan.
2022/06/15
13:50:25 ossec-syscheckd: INFO: Ending syscheck scan.
2022/06/16
09:35:25 rootcheck: INFO: Starting rootcheck scan.
2022/06/16
09:48:57 rootcheck: INFO: Ending rootcheck scan.
2022/06/16
09:55:35 ossec-authd: INFO: Started (pid: 70338).
2022/06/16
09:55:35 Accepting connections. Random password chosen for agent
authentication: 1675f5994518879110af09dc18d648d1
2022/06/16
09:55:35 ossec-authd: ERROR: Unable to read certificate file (not
found): /var/ossec/etc/sslmanager.cert
2022/06/16 09:55:35
ossec-authd: ERROR: SSL error. Exiting.
2022/06/16 10:29:41
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/16 10:29:47 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/16 10:29:51
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/16 10:29:56 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/16 10:30:02
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/16 10:33:58 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/16 10:34:04
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/16 10:34:08 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/16 10:34:13
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/16 10:34:19 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/16 10:38:33
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/16 10:38:39 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/16 10:38:43
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/16 10:38:48 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/16 10:38:54
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/16 10:40:56 ossec-testrule: INFO: Reading local
decoder file.
2022/06/16 10:40:56 ossec-testrule: INFO: Started
(pid: 70804).
2022/06/16 10:40:56 ossec-execd(1350): INFO:
Active response disabled. Exiting.
2022/06/16 10:43:26
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/16 10:43:32 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/16 10:43:36
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/16 10:43:41 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/16 10:43:47
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/16 10:48:37 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/16 10:48:43
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/16 10:48:47 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/16 10:48:52
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/16 10:48:58 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/16 10:54:07
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/16 10:54:13 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/16 10:54:17
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/16 10:54:22 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/16 10:54:28
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/16 11:33:35 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/16 11:33:41
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/16 11:33:45 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/16 11:33:50
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/16 11:33:56 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/16 11:53:57
ossec-syscheckd: INFO: Starting syscheck scan.
2022/06/16
12:06:21 ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd'
not allowed.
2022/06/16 12:06:27 ossec-remoted(1213): WARN:
Message from '192.168.ccc.ddd' not allowed.
2022/06/16 12:06:31
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/16 12:06:36 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/16 12:06:42
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/16 12:09:40 ossec-syscheckd: INFO: Ending
syscheck scan.
2022/06/16 12:12:44 ossec-remoted(1213): WARN:
Message from '192.168.ccc.ddd' not allowed.
2022/06/16 12:12:50
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/16 12:12:54 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/16 12:12:59
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/16 12:13:05 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/16 12:34:01
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/16 12:34:07 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/16 12:34:11
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/16 12:34:16 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/16 12:34:22
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/16 12:41:00 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/16 12:41:06
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/16 12:41:10 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/16 12:41:15
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/16 12:41:21 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/16 12:48:17
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/16 12:48:23 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/16 12:48:27
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/16 12:48:32 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/16 12:48:38
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/16 12:55:52 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/16 12:55:58
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/16 12:56:02 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/16 12:56:07
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/16 12:56:13 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/16 13:00:10
ossec-testrule: INFO: Reading local decoder file.
2022/06/16
13:00:10 ossec-testrule: INFO: Started (pid: 71851).
2022/06/16
13:00:10 ossec-execd(1350): INFO: Active response disabled.
Exiting.
2022/06/16 13:03:46 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/16 13:03:52
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/16 13:03:56 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/16 13:04:01
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/16 13:04:07 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/16 13:11:57
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/16 13:12:03 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/16 13:12:07
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/16 13:12:12 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/16 13:12:18
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/16 13:20:26 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/16 13:20:32
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/16 13:20:36 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/16 13:20:41
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/16 13:20:47 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/16 13:29:13
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/16 13:29:19 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/16 13:29:23
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/16 13:29:28 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/16 13:29:34
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/16 13:38:18 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/16 13:38:24
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/16 13:38:28 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/16 13:38:33
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/16 13:38:39 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/16 13:47:41
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/16 13:47:47 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/16 13:47:51
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/16 13:47:56 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/16 13:48:02
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/16 13:57:22 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/16 13:57:28
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/16 13:57:32 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/16 13:57:37
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/16 13:57:43 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/16 14:07:21
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/16 14:07:27 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/16 14:07:31
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/16 14:07:36 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/16 14:07:42
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/16 14:17:38 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/16 14:17:44
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/16 14:17:48 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/16 14:17:53
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/16 14:17:59 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/16 14:28:13
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/16 14:28:19 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/16 14:28:23
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/16 14:28:28 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/16 14:28:34
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/16 14:39:06 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/16 14:39:12
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/16 14:39:16 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/16 14:39:21
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/16 14:39:27 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/16 14:50:17
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/16 14:50:23 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/16 14:50:27
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/16 14:50:32 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/16 14:50:38
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/16 15:01:46 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/16 15:01:52
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/16 15:01:56 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/16 15:02:02
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/16 15:02:08 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/16 15:13:34
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/16 15:13:40 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/16 15:13:44
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/16 15:13:49 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/16 15:13:55
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/16 15:25:39 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/16 15:25:45
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/16 15:25:49 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/16 15:25:54
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/16 15:26:00 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/16 15:39:08
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/16 15:39:14 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/16 15:39:18
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/16 15:39:23 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/16 15:39:29
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/16 15:51:49 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/16 15:51:55
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/16 15:51:59 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/16 15:52:04
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/16 15:52:10 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/16 16:14:53
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/16 16:14:59 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/16 16:15:03
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/16 16:15:08 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/16 16:15:14
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/16 16:28:10 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/16 16:28:16
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/16 16:28:20 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/16 16:28:25
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/16 16:28:31 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/16 16:41:45
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/16 16:41:51 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/16 16:41:55
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/16 16:42:00 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/16 16:42:06
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/16 16:55:38 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/16 16:55:44
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/16 16:55:48 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/16 16:55:53
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/16 16:55:59 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/16 16:58:49
ossec-monitord(1225): INFO: SIGNAL [(15)-(Terminated)] Received. Exit
Cleaning...
2022/06/16 16:58:49 ossec-logcollector(1225): INFO:
SIGNAL [(15)-(Terminated)] Received. Exit Cleaning...
2022/06/16
16:58:49 ossec-remoted(1225): INFO: SIGNAL [(15)-(Terminated)]
Received. Exit Cleaning...
2022/06/16 16:58:49
ossec-syscheckd(1225): INFO: SIGNAL [(15)-(Terminated)] Received.
Exit Cleaning...
2022/06/16 16:58:49 ossec-analysisd(1225):
INFO: SIGNAL [(15)-(Terminated)] Received. Exit
Cleaning...
2022/06/16 16:58:50 ossec-testrule: INFO: Reading
local decoder file.
2022/06/16 16:58:50 ossec-testrule: INFO:
Started (pid: 73704).
2022/06/16 16:58:50 ossec-execd(1350): INFO: Active response disabled. Exiting.
2022/06/16 16:58:50 ossec-remoted: INFO: Started (pid: 73729).
2022/06/16 16:58:50 IPv6: :: on port 1514
2022/06/16 16:58:50 Socket bound for IPv6: :: on port 1514
2022/06/16 16:58:50 ossec-remoted: INFO: Started (pid: 73731).
2022/06/16 16:58:50 ossec-remoted(1501): ERROR: No IP or network allowed in the access list for syslog. No reason for running it. Exiting.
2022/06/16 16:58:50 ossec-analysisd: INFO:
Reading local decoder file.
2022/06/16 16:58:50 ossec-analysisd:
INFO: Reading rules file: 'rules_config.xml'
2022/06/16 16:58:50
ossec-analysisd: INFO: Reading rules file: 'pam_rules.xml'
2022/06/16
16:58:50 ossec-analysisd: INFO: Reading rules file:
'sshd_rules.xml'
2022/06/16 16:58:50 ossec-analysisd: INFO:
Reading rules file: 'telnetd_rules.xml'
2022/06/16 16:58:50
ossec-analysisd: INFO: Reading rules file:
'syslog_rules.xml'
2022/06/16 16:58:51 ossec-analysisd: INFO:
Reading rules file: 'arpwatch_rules.xml'
2022/06/16 16:58:51
ossec-analysisd: INFO: Reading rules file:
'symantec-av_rules.xml'
2022/06/16 16:58:51 ossec-analysisd:
INFO: Reading rules file: 'symantec-ws_rules.xml'
2022/06/16
16:58:51 ossec-analysisd: INFO: Reading rules file:
'pix_rules.xml'
2022/06/16 16:58:51 ossec-analysisd: INFO:
Reading rules file: 'named_rules.xml'
2022/06/16 16:58:51
ossec-analysisd: INFO: Reading rules file:
'smbd_rules.xml'
2022/06/16 16:58:51 ossec-analysisd: INFO:
Reading rules file: 'vsftpd_rules.xml'
2022/06/16 16:58:51
ossec-analysisd: INFO: Reading rules file:
'pure-ftpd_rules.xml'
2022/06/16 16:58:51 ossec-analysisd: INFO:
Reading rules file: 'proftpd_rules.xml'
2022/06/16 16:58:51
ossec-analysisd: INFO: Reading rules file:
'ms_ftpd_rules.xml'
2022/06/16 16:58:51 ossec-analysisd: INFO:
Reading rules file: 'ftpd_rules.xml'
2022/06/16 16:58:51
ossec-analysisd: INFO: Reading rules file:
'hordeimp_rules.xml'
2022/06/16 16:58:51 ossec-analysisd: INFO:
Reading rules file: 'roundcube_rules.xml'
2022/06/16 16:58:51
ossec-analysisd: INFO: Reading rules file:
'wordpress_rules.xml'
2022/06/16 16:58:51 ossec-analysisd: INFO:
Reading rules file: 'cimserver_rules.xml'
2022/06/16 16:58:51
ossec-analysisd: INFO: Reading rules file:
'vpopmail_rules.xml'
2022/06/16 16:58:51 ossec-analysisd: INFO:
Reading rules file: 'vmpop3d_rules.xml'
2022/06/16 16:58:51
ossec-analysisd: INFO: Reading rules file:
'courier_rules.xml'
2022/06/16 16:58:51 ossec-analysisd: INFO:
Reading rules file: 'web_rules.xml'
2022/06/16 16:58:51
ossec-analysisd: INFO: Reading rules file:
'web_appsec_rules.xml'
2022/06/16 16:58:51 ossec-analysisd:
INFO: Reading rules file: 'apache_rules.xml'
2022/06/16 16:58:51
ossec-analysisd: INFO: Reading rules file:
'nginx_rules.xml'
2022/06/16 16:58:51 ossec-analysisd: INFO:
Reading rules file: 'php_rules.xml'
2022/06/16 16:58:51
ossec-analysisd: INFO: Reading rules file:
'mysql_rules.xml'
2022/06/16 16:58:51 ossec-analysisd: INFO:
Reading rules file: 'postgresql_rules.xml'
2022/06/16 16:58:51
ossec-analysisd: INFO: Reading rules file: 'ids_rules.xml'
2022/06/16
16:58:51 ossec-analysisd: INFO: Reading rules file:
'squid_rules.xml'
2022/06/16 16:58:51 ossec-analysisd: INFO:
Reading rules file: 'firewall_rules.xml'
2022/06/16 16:58:51
ossec-analysisd: INFO: Reading rules file:
'apparmor_rules.xml'
2022/06/16 16:58:51 ossec-analysisd: INFO:
Reading rules file: 'cisco-ios_rules.xml'
2022/06/16 16:58:51
ossec-analysisd: INFO: Reading rules file:
'netscreenfw_rules.xml'
2022/06/16 16:58:51 ossec-analysisd:
INFO: Reading rules file: 'sonicwall_rules.xml'
2022/06/16
16:58:51 ossec-analysisd: INFO: Reading rules file:
'postfix_rules.xml'
2022/06/16 16:58:51 ossec-analysisd: INFO:
Reading rules file: 'sendmail_rules.xml'
2022/06/16 16:58:51
ossec-analysisd: INFO: Reading rules file:
'imapd_rules.xml'
2022/06/16 16:58:51 ossec-analysisd: INFO:
Reading rules file: 'mailscanner_rules.xml'
2022/06/16 16:58:51
ossec-analysisd: INFO: Reading rules file:
'dovecot_rules.xml'
2022/06/16 16:58:51 ossec-analysisd: INFO:
Reading rules file: 'ms-exchange_rules.xml'
2022/06/16 16:58:51
ossec-analysisd: INFO: Reading rules file:
'racoon_rules.xml'
2022/06/16 16:58:51 ossec-analysisd: INFO:
Reading rules file: 'vpn_concentrator_rules.xml'
2022/06/16
16:58:51 ossec-analysisd: INFO: Reading rules file:
'spamd_rules.xml'
2022/06/16 16:58:51 ossec-analysisd: INFO:
Reading rules file: 'msauth_rules.xml'
2022/06/16 16:58:51
ossec-analysisd: INFO: Reading rules file:
'mcafee_av_rules.xml'
2022/06/16 16:58:51 ossec-analysisd: INFO:
Reading rules file: 'trend-osce_rules.xml'
2022/06/16 16:58:51
ossec-analysisd: INFO: Reading rules file:
'ms-se_rules.xml'
2022/06/16 16:58:51 ossec-analysisd: INFO:
Reading rules file: 'zeus_rules.xml'
2022/06/16 16:58:51
ossec-analysisd: INFO: Reading rules file:
'solaris_bsm_rules.xml'
2022/06/16 16:58:51 ossec-analysisd:
INFO: Reading rules file: 'vmware_rules.xml'
2022/06/16 16:58:51
ossec-analysisd: INFO: Reading rules file:
'ms_dhcp_rules.xml'
2022/06/16 16:58:51 ossec-analysisd: INFO:
Reading rules file: 'asterisk_rules.xml'
2022/06/16 16:58:51
ossec-analysisd: INFO: Reading rules file:
'ossec_rules.xml'
2022/06/16 16:58:51 ossec-analysisd: INFO:
Reading rules file: 'attack_rules.xml'
2022/06/16 16:58:51
ossec-analysisd: INFO: Reading rules file:
'openbsd_rules.xml'
2022/06/16 16:58:51 ossec-analysisd: INFO:
Reading rules file: 'clam_av_rules.xml'
2022/06/16 16:58:51
ossec-analysisd: INFO: Reading rules file:
'dropbear_rules.xml'
2022/06/16 16:58:51 ossec-analysisd: INFO:
Reading rules file: 'sysmon_rules.xml'
2022/06/16 16:58:51
ossec-analysisd: INFO: Reading rules file:
'opensmtpd_rules.xml'
2022/06/16 16:58:51 ossec-analysisd: INFO:
Reading rules file: 'exim_rules.xml'
2022/06/16 16:58:51
ossec-analysisd: INFO: Reading rules file:
'openbsd-dhcpd_rules.xml'
2022/06/16 16:58:51 ossec-analysisd:
INFO: Reading rules file: 'dnsmasq_rules.xml'
2022/06/16
16:58:51 ossec-analysisd: INFO: Reading rules file:
'nsd_rules.xml'
2022/06/16 16:58:51 ossec-analysisd: INFO:
Reading rules file: 'local_rules.xml'
2022/06/16 16:58:51
ossec-analysisd: INFO: Total rules enabled: '1606'
2022/06/16
16:58:51 ossec-analysisd: INFO: Ignoring file: '/etc/mtab'
2022/06/16
16:58:51 ossec-analysisd: INFO: Ignoring file:
'/etc/mnttab'
2022/06/16 16:58:51 ossec-analysisd: INFO:
Ignoring file: '/etc/hosts.deny'
2022/06/16 16:58:51
ossec-analysisd: INFO: Ignoring file:
'/etc/mail/statistics'
2022/06/16 16:58:51 ossec-analysisd:
INFO: Ignoring file: '/etc/random-seed'
2022/06/16 16:58:51
ossec-analysisd: INFO: Ignoring file: '/etc/adjtime'
2022/06/16
16:58:51 ossec-analysisd: INFO: Ignoring file:
'/etc/httpd/logs'
2022/06/16 16:58:51 ossec-analysisd: INFO:
Ignoring file: '/etc/utmpx'
2022/06/16 16:58:51 ossec-analysisd:
INFO: Ignoring file: '/etc/wtmpx'
2022/06/16 16:58:51
ossec-analysisd: INFO: Ignoring file: '/etc/cups/certs'
2022/06/16
16:58:51 ossec-analysisd: INFO: Ignoring file:
'/etc/dumpdates'
2022/06/16 16:58:51 ossec-analysisd: INFO:
Ignoring file: '/etc/svc/volatile'
2022/06/16 16:58:51
ossec-analysisd: INFO: Ignoring file:
'C:\WINDOWS/System32/LogFiles'
2022/06/16 16:58:51
ossec-analysisd: INFO: Ignoring file: 'C:\WINDOWS/Debug'
2022/06/16
16:58:51 ossec-analysisd: INFO: Ignoring file:
'C:\WINDOWS/WindowsUpdate.log'
2022/06/16 16:58:51
ossec-analysisd: INFO: Ignoring file:
'C:\WINDOWS/iis6.log'
2022/06/16 16:58:51 ossec-analysisd: INFO:
Ignoring file: 'C:\WINDOWS/system32/wbem/Logs'
2022/06/16
16:58:51 ossec-analysisd: INFO: Ignoring file:
'C:\WINDOWS/system32/wbem/Repository'
2022/06/16 16:58:51
ossec-analysisd: INFO: Ignoring file:
'C:\WINDOWS/Prefetch'
2022/06/16 16:58:51 ossec-analysisd: INFO:
Ignoring file: 'C:\WINDOWS/PCHEALTH/HELPCTR/DataColl'
2022/06/16
16:58:51 ossec-analysisd: INFO: Ignoring file:
'C:\WINDOWS/SoftwareDistribution'
2022/06/16 16:58:51
ossec-analysisd: INFO: Ignoring file: 'C:\WINDOWS/Temp'
2022/06/16
16:58:51 ossec-analysisd: INFO: Ignoring file:
'C:\WINDOWS/system32/config'
2022/06/16 16:58:51
ossec-analysisd: INFO: Ignoring file:
'C:\WINDOWS/system32/spool'
2022/06/16 16:58:51 ossec-analysisd:
INFO: Ignoring file: 'C:\WINDOWS/system32/CatRoot'
2022/06/16
16:58:51 ossec-analysisd: INFO: Started (pid: 73721).
2022/06/16
16:58:51 ossec-monitord: INFO: Started (pid: 73741).
2022/06/16
16:58:52 ossec-remoted(4111): INFO: Maximum number of agents allowed:
'2048'.
2022/06/16 16:58:52 ossec-remoted(1410): INFO: Reading
authentication keys file.
2022/06/16 16:58:52 ossec-remoted:
INFO: No previous counter available for 'D-XPS-WIN10'.
2022/06/16
16:58:52 ossec-remoted: INFO: Assigning counter for agent
D-XPS-WIN10: '0:0'.
2022/06/16 16:58:52 ossec-remoted: INFO: No
previous sender counter.
2022/06/16 16:58:52 ossec-remoted:
INFO: Assigning sender counter: 0:0
2022/06/16 16:58:55
ossec-syscheckd: INFO: Started (pid: 73737).
2022/06/16 16:58:55
ossec-rootcheck: INFO: Started (pid: 73737).
2022/06/16 16:58:55
ossec-syscheckd: INFO: Monitoring directory: '/etc', with options
perm | size | owner | group | md5sum | sha1sum.
2022/06/16
16:58:55 ossec-syscheckd: INFO: Monitoring directory: '/usr/bin',
with options perm | size | owner | group | md5sum |
sha1sum.
2022/06/16 16:58:55 ossec-syscheckd: INFO: Monitoring
directory: '/usr/sbin', with options perm | size | owner | group |
md5sum | sha1sum.
2022/06/16 16:58:55 ossec-syscheckd: INFO:
Monitoring directory: '/bin', with options perm | size | owner |
group | md5sum | sha1sum.
2022/06/16 16:58:55 ossec-syscheckd:
INFO: Monitoring directory: '/sbin', with options perm | size | owner
| group | md5sum | sha1sum.
2022/06/16 16:58:55 ossec-syscheckd:
INFO: Monitoring directory: '/boot', with options perm | size | owner
| group | md5sum | sha1sum.
2022/06/16 16:58:55 ossec-syscheckd:
INFO: ignoring: '/etc/mtab'
2022/06/16 16:58:55 ossec-syscheckd:
INFO: ignoring: '/etc/mnttab'
2022/06/16 16:58:55
ossec-syscheckd: INFO: ignoring: '/etc/hosts.deny'
2022/06/16
16:58:55 ossec-syscheckd: INFO: ignoring:
'/etc/mail/statistics'
2022/06/16 16:58:55 ossec-syscheckd:
INFO: ignoring: '/etc/random-seed'
2022/06/16 16:58:55
ossec-syscheckd: INFO: ignoring: '/etc/adjtime'
2022/06/16
16:58:55 ossec-syscheckd: INFO: ignoring:
'/etc/httpd/logs'
2022/06/16 16:58:55 ossec-syscheckd: INFO:
ignoring: '/etc/utmpx'
2022/06/16 16:58:55 ossec-syscheckd:
INFO: ignoring: '/etc/wtmpx'
2022/06/16 16:58:55
ossec-syscheckd: INFO: ignoring: '/etc/cups/certs'
2022/06/16
16:58:55 ossec-syscheckd: INFO: ignoring: '/etc/dumpdates'
2022/06/16
16:58:55 ossec-syscheckd: INFO: ignoring:
'/etc/svc/volatile'
2022/06/16 16:58:55 ossec-syscheckd: INFO:
ignoring: 'C:\WINDOWS/System32/LogFiles'
2022/06/16 16:58:55
ossec-syscheckd: INFO: ignoring: 'C:\WINDOWS/Debug'
2022/06/16
16:58:55 ossec-syscheckd: INFO: ignoring:
'C:\WINDOWS/WindowsUpdate.log'
2022/06/16 16:58:55
ossec-syscheckd: INFO: ignoring: 'C:\WINDOWS/iis6.log'
2022/06/16
16:58:55 ossec-syscheckd: INFO: ignoring:
'C:\WINDOWS/system32/wbem/Logs'
2022/06/16 16:58:55
ossec-syscheckd: INFO: ignoring:
'C:\WINDOWS/system32/wbem/Repository'
2022/06/16 16:58:55
ossec-syscheckd: INFO: ignoring: 'C:\WINDOWS/Prefetch'
2022/06/16
16:58:55 ossec-syscheckd: INFO: ignoring:
'C:\WINDOWS/PCHEALTH/HELPCTR/DataColl'
2022/06/16 16:58:55
ossec-syscheckd: INFO: ignoring:
'C:\WINDOWS/SoftwareDistribution'
2022/06/16 16:58:55
ossec-syscheckd: INFO: ignoring: 'C:\WINDOWS/Temp'
2022/06/16
16:58:55 ossec-syscheckd: INFO: ignoring:
'C:\WINDOWS/system32/config'
2022/06/16 16:58:55
ossec-syscheckd: INFO: ignoring:
'C:\WINDOWS/system32/spool'
2022/06/16 16:58:55 ossec-syscheckd:
INFO: ignoring: 'C:\WINDOWS/system32/CatRoot'
2022/06/16
16:58:56 ossec-logcollector(1950): INFO: Analyzing file:
'/var/log/auth.log'.
2022/06/16 16:58:56
ossec-logcollector(1950): INFO: Analyzing file:
'/var/log/syslog'.
2022/06/16 16:58:56 ossec-logcollector(1950):
INFO: Analyzing file: '/var/log/dpkg.log'.
2022/06/16 16:58:56
ossec-logcollector(1950): INFO: Analyzing file:
'/var/log/apache2/error.log'.
2022/06/16 16:58:56
ossec-logcollector(1950): INFO: Analyzing file:
'/var/log/apache2/access.log'.
2022/06/16 16:58:56 ossec-logcollector: INFO: Monitoring output of command(360): df -P
2022/06/16 16:58:56 ossec-logcollector: INFO: Monitoring full output of command(360): netstat -tan |grep LISTEN |egrep -v '(127.0.0.1| ::1)' | sort
2022/06/16 16:58:56 ossec-logcollector: INFO: Monitoring full output of command(360): last -n 5
2022/06/16 16:58:56 ossec-logcollector: INFO: Started (pid: 73725).
2022/06/16 16:59:57 ossec-syscheckd: INFO:
Starting syscheck scan (forwarding database).
2022/06/16
16:59:57 ossec-syscheckd: INFO: Starting syscheck database
(pre-scan).
2022/06/16 17:09:49 ossec-remoted(1213): WARN:
Message from '192.168.ccc.ddd' not allowed.
2022/06/16 17:09:55
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/16 17:09:59 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/16 17:10:04
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/16 17:10:10 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/16 17:15:08
ossec-syscheckd: INFO: Finished creating syscheck database (pre-scan
completed).
2022/06/16 17:15:20 ossec-syscheckd: INFO: Ending
syscheck scan (forwarding database).
2022/06/16 17:15:40
rootcheck: INFO: Starting rootcheck scan.
2022/06/16 17:24:18
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/16 17:24:24 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/16 17:24:28
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/16 17:24:33 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/16 17:24:39
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/16 17:28:51 rootcheck: INFO: Ending rootcheck
scan.
2022/06/16 17:39:05 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/16 17:39:11
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/16 17:39:15 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/16 17:39:20
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/16 17:39:26 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/16 18:56:38
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/16 18:56:44 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/16 18:56:48
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/16 18:56:53 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/16 18:56:59
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/16 19:12:01 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/16 19:12:07
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/16 19:12:11 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/16 19:12:16
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/16 19:12:22 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/16 19:27:42
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/16 19:27:48 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/16 19:27:52
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/16 19:27:57 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/16 19:28:03
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/16 19:43:41 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/16 19:43:48
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/16 19:43:52 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/16 19:43:57
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/16 19:44:03 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/16 20:00:46
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/16 20:00:52 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/16 20:00:56
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/16 20:01:01 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/16 20:01:07
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/16 20:26:06 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/16 20:26:12
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/16 20:26:16 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/16 20:26:21
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/16 20:26:27 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/16 20:42:59
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/16 20:43:05 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/16 20:43:09
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/16 20:43:14 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/16 20:43:20
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/16 21:00:10 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/16 21:00:16
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/16 21:00:21 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/16 21:00:35
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/16 21:48:22 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/16 21:48:28
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/16 21:48:32 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/16 21:48:37
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/16 21:48:43 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/16 21:49:08
ossec-remoted(1225): INFO: SIGNAL [(15)-(Terminated)] Received. Exit
Cleaning...
2022/06/16 21:49:08 ossec-analysisd(1225): INFO:
SIGNAL [(15)-(Terminated)] Received. Exit Cleaning...
2022/06/16
21:49:08 ossec-monitord(1225): INFO: SIGNAL [(15)-(Terminated)]
Received. Exit Cleaning...
2022/06/16 21:49:08
ossec-syscheckd(1225): INFO: SIGNAL [(15)-(Terminated)] Received.
Exit Cleaning...
2022/06/16 21:49:08 ossec-logcollector(1225):
INFO: SIGNAL [(15)-(Terminated)] Received. Exit
Cleaning...
2022/06/16 22:03:44 ossec-testrule: INFO: Reading
local decoder file.
2022/06/16 22:03:46 ossec-testrule: INFO:
Started (pid: 939).
2022/06/16 22:03:47 ossec-execd(1350): INFO:
Active response disabled. Exiting.
2022/06/16 22:03:47
ossec-analysisd: INFO: Reading local decoder file.
2022/06/16
22:03:47 ossec-analysisd: INFO: Reading rules file:
'rules_config.xml'
2022/06/16 22:03:47 ossec-analysisd: INFO:
Reading rules file: 'pam_rules.xml'
2022/06/16 22:03:47
ossec-analysisd: INFO: Reading rules file:
'sshd_rules.xml'
2022/06/16 22:03:47 ossec-analysisd: INFO:
Reading rules file: 'telnetd_rules.xml'
2022/06/16 22:03:47
ossec-analysisd: INFO: Reading rules file:
'syslog_rules.xml'
2022/06/16 22:03:47 ossec-analysisd: INFO:
Reading rules file: 'arpwatch_rules.xml'
2022/06/16 22:03:47
ossec-analysisd: INFO: Reading rules file:
'symantec-av_rules.xml'
2022/06/16 22:03:47 ossec-analysisd:
INFO: Reading rules file: 'symantec-ws_rules.xml'
2022/06/16
22:03:47 ossec-analysisd: INFO: Reading rules file:
'pix_rules.xml'
2022/06/16 22:03:47 ossec-analysisd: INFO:
Reading rules file: 'named_rules.xml'
2022/06/16 22:03:47
ossec-analysisd: INFO: Reading rules file:
'smbd_rules.xml'
2022/06/16 22:03:47 ossec-analysisd: INFO:
Reading rules file: 'vsftpd_rules.xml'
2022/06/16 22:03:47
ossec-analysisd: INFO: Reading rules file:
'pure-ftpd_rules.xml'
2022/06/16 22:03:47 ossec-analysisd: INFO:
Reading rules file: 'proftpd_rules.xml'
2022/06/16 22:03:47
ossec-analysisd: INFO: Reading rules file:
'ms_ftpd_rules.xml'
2022/06/16 22:03:47 ossec-analysisd: INFO:
Reading rules file: 'ftpd_rules.xml'
2022/06/16 22:03:47
ossec-analysisd: INFO: Reading rules file:
'hordeimp_rules.xml'
2022/06/16 22:03:47 ossec-analysisd: INFO:
Reading rules file: 'roundcube_rules.xml'
2022/06/16 22:03:47
ossec-analysisd: INFO: Reading rules file:
'wordpress_rules.xml'
2022/06/16 22:03:47 ossec-analysisd: INFO:
Reading rules file: 'cimserver_rules.xml'
2022/06/16 22:03:47
ossec-analysisd: INFO: Reading rules file:
'vpopmail_rules.xml'
2022/06/16 22:03:47 ossec-analysisd: INFO:
Reading rules file: 'vmpop3d_rules.xml'
2022/06/16 22:03:47
ossec-analysisd: INFO: Reading rules file:
'courier_rules.xml'
2022/06/16 22:03:47 ossec-analysisd: INFO:
Reading rules file: 'web_rules.xml'
2022/06/16 22:03:47
ossec-analysisd: INFO: Reading rules file:
'web_appsec_rules.xml'
2022/06/16 22:03:47 ossec-analysisd:
INFO: Reading rules file: 'apache_rules.xml'
2022/06/16 22:03:47
ossec-analysisd: INFO: Reading rules file:
'nginx_rules.xml'
2022/06/16 22:03:47 ossec-analysisd: INFO:
Reading rules file: 'php_rules.xml'
2022/06/16 22:03:47
ossec-analysisd: INFO: Reading rules file:
'mysql_rules.xml'
2022/06/16 22:03:47 ossec-analysisd: INFO:
Reading rules file: 'postgresql_rules.xml'
2022/06/16 22:03:47
ossec-analysisd: INFO: Reading rules file: 'ids_rules.xml'
2022/06/16
22:03:47 ossec-analysisd: INFO: Reading rules file:
'squid_rules.xml'
2022/06/16 22:03:47 ossec-analysisd: INFO:
Reading rules file: 'firewall_rules.xml'
2022/06/16 22:03:47
ossec-analysisd: INFO: Reading rules file:
'apparmor_rules.xml'
2022/06/16 22:03:47 ossec-analysisd: INFO:
Reading rules file: 'cisco-ios_rules.xml'
2022/06/16 22:03:47
ossec-analysisd: INFO: Reading rules file:
'netscreenfw_rules.xml'
2022/06/16 22:03:47 ossec-analysisd:
INFO: Reading rules file: 'sonicwall_rules.xml'
2022/06/16
22:03:47 ossec-analysisd: INFO: Reading rules file:
'postfix_rules.xml'
2022/06/16 22:03:47 ossec-analysisd: INFO:
Reading rules file: 'sendmail_rules.xml'
2022/06/16 22:03:47
ossec-analysisd: INFO: Reading rules file:
'imapd_rules.xml'
2022/06/16 22:03:47 ossec-analysisd: INFO:
Reading rules file: 'mailscanner_rules.xml'
2022/06/16 22:03:47
ossec-analysisd: INFO: Reading rules file:
'dovecot_rules.xml'
2022/06/16 22:03:47 ossec-analysisd: INFO:
Reading rules file: 'ms-exchange_rules.xml'
2022/06/16 22:03:47
ossec-analysisd: INFO: Reading rules file:
'racoon_rules.xml'
2022/06/16 22:03:47 ossec-analysisd: INFO:
Reading rules file: 'vpn_concentrator_rules.xml'
2022/06/16
22:03:47 ossec-analysisd: INFO: Reading rules file:
'spamd_rules.xml'
2022/06/16 22:03:47 ossec-analysisd: INFO:
Reading rules file: 'msauth_rules.xml'
2022/06/16 22:03:47
ossec-analysisd: INFO: Reading rules file:
'mcafee_av_rules.xml'
2022/06/16 22:03:47 ossec-analysisd: INFO:
Reading rules file: 'trend-osce_rules.xml'
2022/06/16 22:03:47
ossec-analysisd: INFO: Reading rules file:
'ms-se_rules.xml'
2022/06/16 22:03:47 ossec-analysisd: INFO:
Reading rules file: 'zeus_rules.xml'
2022/06/16 22:03:47
ossec-analysisd: INFO: Reading rules file:
'solaris_bsm_rules.xml'
2022/06/16 22:03:47 ossec-analysisd:
INFO: Reading rules file: 'vmware_rules.xml'
2022/06/16 22:03:47
ossec-analysisd: INFO: Reading rules file:
'ms_dhcp_rules.xml'
2022/06/16 22:03:47 ossec-analysisd: INFO:
Reading rules file: 'asterisk_rules.xml'
2022/06/16 22:03:47
ossec-analysisd: INFO: Reading rules file:
'ossec_rules.xml'
2022/06/16 22:03:47 ossec-analysisd: INFO:
Reading rules file: 'attack_rules.xml'
2022/06/16 22:03:47
ossec-analysisd: INFO: Reading rules file:
'openbsd_rules.xml'
2022/06/16 22:03:47 ossec-analysisd: INFO:
Reading rules file: 'clam_av_rules.xml'
2022/06/16 22:03:47
ossec-analysisd: INFO: Reading rules file:
'dropbear_rules.xml'
2022/06/16 22:03:47 ossec-analysisd: INFO:
Reading rules file: 'sysmon_rules.xml'
2022/06/16 22:03:47
ossec-analysisd: INFO: Reading rules file:
'opensmtpd_rules.xml'
2022/06/16 22:03:47 ossec-analysisd: INFO:
Reading rules file: 'exim_rules.xml'
2022/06/16 22:03:47
ossec-analysisd: INFO: Reading rules file:
'openbsd-dhcpd_rules.xml'
2022/06/16 22:03:47 ossec-analysisd:
INFO: Reading rules file: 'dnsmasq_rules.xml'
2022/06/16
22:03:47 ossec-analysisd: INFO: Reading rules file:
'nsd_rules.xml'
2022/06/16 22:03:47 ossec-analysisd: INFO:
Reading rules file: 'local_rules.xml'
2022/06/16 22:03:47
ossec-analysisd: INFO: Total rules enabled: '1606'
2022/06/16
22:03:47 ossec-analysisd: INFO: Ignoring file: '/etc/mtab'
2022/06/16
22:03:47 ossec-analysisd: INFO: Ignoring file:
'/etc/mnttab'
2022/06/16 22:03:47 ossec-analysisd: INFO:
Ignoring file: '/etc/hosts.deny'
2022/06/16 22:03:47
ossec-analysisd: INFO: Ignoring file:
'/etc/mail/statistics'
2022/06/16 22:03:47 ossec-analysisd:
INFO: Ignoring file: '/etc/random-seed'
2022/06/16 22:03:47
ossec-analysisd: INFO: Ignoring file: '/etc/adjtime'
2022/06/16
22:03:47 ossec-analysisd: INFO: Ignoring file:
'/etc/httpd/logs'
2022/06/16 22:03:47 ossec-analysisd: INFO:
Ignoring file: '/etc/utmpx'
2022/06/16 22:03:47 ossec-analysisd:
INFO: Ignoring file: '/etc/wtmpx'
2022/06/16 22:03:47
ossec-analysisd: INFO: Ignoring file: '/etc/cups/certs'
2022/06/16
22:03:47 ossec-analysisd: INFO: Ignoring file:
'/etc/dumpdates'
2022/06/16 22:03:47 ossec-analysisd: INFO:
Ignoring file: '/etc/svc/volatile'
2022/06/16 22:03:47
ossec-analysisd: INFO: Ignoring file:
'C:\WINDOWS/System32/LogFiles'
2022/06/16 22:03:47
ossec-analysisd: INFO: Ignoring file: 'C:\WINDOWS/Debug'
2022/06/16
22:03:47 ossec-analysisd: INFO: Ignoring file:
'C:\WINDOWS/WindowsUpdate.log'
2022/06/16 22:03:47
ossec-analysisd: INFO: Ignoring file:
'C:\WINDOWS/iis6.log'
2022/06/16 22:03:47 ossec-analysisd: INFO:
Ignoring file: 'C:\WINDOWS/system32/wbem/Logs'
2022/06/16
22:03:47 ossec-analysisd: INFO: Ignoring file:
'C:\WINDOWS/system32/wbem/Repository'
2022/06/16 22:03:47
ossec-analysisd: INFO: Ignoring file:
'C:\WINDOWS/Prefetch'
2022/06/16 22:03:47 ossec-analysisd: INFO:
Ignoring file: 'C:\WINDOWS/PCHEALTH/HELPCTR/DataColl'
2022/06/16
22:03:47 ossec-analysisd: INFO: Ignoring file:
'C:\WINDOWS/SoftwareDistribution'
2022/06/16 22:03:47
ossec-analysisd: INFO: Ignoring file: 'C:\WINDOWS/Temp'
2022/06/16
22:03:47 ossec-analysisd: INFO: Ignoring file:
'C:\WINDOWS/system32/config'
2022/06/16 22:03:47
ossec-analysisd: INFO: Ignoring file:
'C:\WINDOWS/system32/spool'
2022/06/16 22:03:47 ossec-analysisd:
INFO: Ignoring file: 'C:\WINDOWS/system32/CatRoot'
2022/06/16
22:03:47 ossec-analysisd: INFO: Started (pid: 1013).
2022/06/16 22:03:47 ossec-remoted: INFO: Started (pid: 1023).
2022/06/16 22:03:47 ossec-remoted(1501): ERROR: No IP or network allowed in the access list for syslog. No reason for running it. Exiting.
2022/06/16 22:03:47 IPv6: :: on port 1514
2022/06/16 22:03:47 Socket bound for IPv6: :: on port 1514
2022/06/16 22:03:47 ossec-remoted: INFO: Started (pid: 1026).
2022/06/16 22:03:47 ossec-monitord:
INFO: Started (pid: 1033).
2022/06/16 22:03:48
ossec-remoted(4111): INFO: Maximum number of agents allowed:
'2048'.
2022/06/16 22:03:48 ossec-remoted(1410): INFO: Reading
authentication keys file.
2022/06/16 22:03:48 ossec-remoted:
INFO: No previous counter available for 'D-XPS-WIN10'.
2022/06/16
22:03:48 ossec-remoted: INFO: Assigning counter for agent
D-XPS-WIN10: '0:0'.
2022/06/16 22:03:48 ossec-remoted: INFO: No
previous sender counter.
2022/06/16 22:03:48 ossec-remoted:
INFO: Assigning sender counter: 0:0
2022/06/16 22:03:51
ossec-syscheckd: INFO: Started (pid: 1029).
2022/06/16 22:03:51
ossec-rootcheck: INFO: Started (pid: 1029).
2022/06/16 22:03:51
ossec-syscheckd: INFO: Monitoring directory: '/etc', with options
perm | size | owner | group | md5sum | sha1sum.
2022/06/16
22:03:51 ossec-syscheckd: INFO: Monitoring directory: '/usr/bin',
with options perm | size | owner | group | md5sum |
sha1sum.
2022/06/16 22:03:51 ossec-syscheckd: INFO: Monitoring
directory: '/usr/sbin', with options perm | size | owner | group |
md5sum | sha1sum.
2022/06/16 22:03:51 ossec-syscheckd: INFO:
Monitoring directory: '/bin', with options perm | size | owner |
group | md5sum | sha1sum.
2022/06/16 22:03:51 ossec-syscheckd:
INFO: Monitoring directory: '/sbin', with options perm | size | owner
| group | md5sum | sha1sum.
2022/06/16 22:03:51 ossec-syscheckd:
INFO: Monitoring directory: '/boot', with options perm | size | owner
| group | md5sum | sha1sum.
2022/06/16 22:03:51 ossec-syscheckd:
INFO: ignoring: '/etc/mtab'
2022/06/16 22:03:51 ossec-syscheckd:
INFO: ignoring: '/etc/mnttab'
2022/06/16 22:03:51
ossec-syscheckd: INFO: ignoring: '/etc/hosts.deny'
2022/06/16
22:03:51 ossec-syscheckd: INFO: ignoring:
'/etc/mail/statistics'
2022/06/16 22:03:51 ossec-syscheckd:
INFO: ignoring: '/etc/random-seed'
2022/06/16 22:03:51
ossec-syscheckd: INFO: ignoring: '/etc/adjtime'
2022/06/16
22:03:51 ossec-syscheckd: INFO: ignoring:
'/etc/httpd/logs'
2022/06/16 22:03:51 ossec-syscheckd: INFO:
ignoring: '/etc/utmpx'
2022/06/16 22:03:51 ossec-syscheckd:
INFO: ignoring: '/etc/wtmpx'
2022/06/16 22:03:51
ossec-syscheckd: INFO: ignoring: '/etc/cups/certs'
2022/06/16
22:03:51 ossec-syscheckd: INFO: ignoring: '/etc/dumpdates'
2022/06/16
22:03:51 ossec-syscheckd: INFO: ignoring:
'/etc/svc/volatile'
2022/06/16 22:03:51 ossec-syscheckd: INFO:
ignoring: 'C:\WINDOWS/System32/LogFiles'
2022/06/16 22:03:51
ossec-syscheckd: INFO: ignoring: 'C:\WINDOWS/Debug'
2022/06/16
22:03:51 ossec-syscheckd: INFO: ignoring:
'C:\WINDOWS/WindowsUpdate.log'
2022/06/16 22:03:51
ossec-syscheckd: INFO: ignoring: 'C:\WINDOWS/iis6.log'
2022/06/16
22:03:51 ossec-syscheckd: INFO: ignoring:
'C:\WINDOWS/system32/wbem/Logs'
2022/06/16 22:03:51
ossec-syscheckd: INFO: ignoring:
'C:\WINDOWS/system32/wbem/Repository'
2022/06/16 22:03:51
ossec-syscheckd: INFO: ignoring: 'C:\WINDOWS/Prefetch'
2022/06/16
22:03:51 ossec-syscheckd: INFO: ignoring:
'C:\WINDOWS/PCHEALTH/HELPCTR/DataColl'
2022/06/16 22:03:51
ossec-syscheckd: INFO: ignoring:
'C:\WINDOWS/SoftwareDistribution'
2022/06/16 22:03:51
ossec-syscheckd: INFO: ignoring: 'C:\WINDOWS/Temp'
2022/06/16
22:03:51 ossec-syscheckd: INFO: ignoring:
'C:\WINDOWS/system32/config'
2022/06/16 22:03:51
ossec-syscheckd: INFO: ignoring:
'C:\WINDOWS/system32/spool'
2022/06/16 22:03:51 ossec-syscheckd:
INFO: ignoring: 'C:\WINDOWS/system32/CatRoot'
2022/06/16
22:03:53 ossec-logcollector(1950): INFO: Analyzing file:
'/var/log/auth.log'.
2022/06/16 22:03:53
ossec-logcollector(1950): INFO: Analyzing file:
'/var/log/syslog'.
2022/06/16 22:03:53 ossec-logcollector(1950):
INFO: Analyzing file: '/var/log/dpkg.log'.
2022/06/16 22:03:53
ossec-logcollector(1950): INFO: Analyzing file:
'/var/log/apache2/error.log'.
2022/06/16 22:03:53
ossec-logcollector(1950): INFO: Analyzing file:
'/var/log/apache2/access.log'.
2022/06/16 22:03:53 ossec-logcollector: INFO: Monitoring output of command(360): df -P
2022/06/16 22:03:53 ossec-logcollector: INFO: Monitoring full output of command(360): netstat -tan |grep LISTEN |egrep -v '(127.0.0.1| ::1)' | sort
2022/06/16 22:03:53 ossec-logcollector: INFO: Monitoring full output of command(360): last -n 5
2022/06/16 22:03:53 ossec-logcollector: INFO: Started (pid: 1019).
2022/06/16 22:04:53 ossec-syscheckd: INFO: Starting syscheck scan (forwarding database).
2022/06/16 22:04:53 ossec-syscheckd: INFO: Starting syscheck database (pre-scan).
2022/06/16 22:06:09 ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not allowed.
2022/06/16 22:06:15 ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not allowed.
2022/06/16 22:06:19 ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not allowed.
2022/06/16 22:06:24 ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not allowed.
2022/06/16 22:06:30 ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not allowed.
2022/06/16 22:20:30 ossec-syscheckd: INFO: Finished creating syscheck database (pre-scan completed).
2022/06/16 22:20:42 ossec-syscheckd: INFO: Ending syscheck scan (forwarding database).
2022/06/16 22:21:02 rootcheck: INFO: Starting rootcheck scan.
2022/06/16 22:24:14
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/16 22:24:20 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/16 22:24:24
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/16 22:24:29 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/16 22:24:35
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/16 22:33:50 rootcheck: INFO: Ending rootcheck
scan.
2022/06/16 23:00:26 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/16 23:00:32
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/16 23:00:36 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/16 23:00:41
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/16 23:00:47 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/16 23:19:07
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/16 23:19:22 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/16 23:23:17
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/16 23:23:23 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/17 07:39:33
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/17 07:39:39 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/17 07:39:43
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/17 07:39:48 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/17 07:39:54
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/17 08:43:53 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/17 08:43:59
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/17 08:44:03 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/17 08:44:08
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/17 08:44:14 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/17 09:04:22
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/17 09:18:49 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/17 09:18:54
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/17 09:19:00 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/17 09:39:26
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/17 09:39:32 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/17 09:39:36
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/17 09:39:41 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/17 09:39:47
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/17 10:00:31 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/17 10:00:37
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/17 10:00:41 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/17 10:00:46
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/17 10:00:52 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/17 10:27:42
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/17 10:27:48 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/17 10:27:52
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/17 18:38:50 rootcheck: INFO: Starting rootcheck
scan.
2022/06/17 18:51:20 rootcheck: INFO: Ending rootcheck
scan.
2022/06/17 20:21:20 ossec-syscheckd: INFO: Starting
syscheck scan.
2022/06/17 20:37:03 ossec-syscheckd: INFO: Ending
syscheck scan.
2022/06/18 14:52:03 rootcheck: INFO: Starting
rootcheck scan.
2022/06/18 15:07:31 rootcheck: INFO: Ending
rootcheck scan.
2022/06/18 18:37:31 ossec-syscheckd: INFO:
Starting syscheck scan.
2022/06/18 18:53:15 ossec-syscheckd:
INFO: Ending syscheck scan.
2022/06/19 11:08:15 rootcheck: INFO:
Starting rootcheck scan.
2022/06/19 11:23:25 rootcheck: INFO:
Ending rootcheck scan.
2022/06/19 16:53:25 ossec-syscheckd:
INFO: Starting syscheck scan.
2022/06/19 16:57:17
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/19 16:57:23 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/19 16:57:27
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/19 16:57:32 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/19 16:57:38
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/19 17:09:08 ossec-syscheckd: INFO: Ending
syscheck scan.
2022/06/19 17:32:10 ossec-remoted(1213): WARN:
Message from '192.168.ccc.ddd' not allowed.
2022/06/19 17:32:16
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/19 17:32:20 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/19 17:32:25
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/19 17:32:31 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/19 19:20:28
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/19 19:20:34 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/19 19:20:38
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/19 19:20:43 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/19 19:20:49
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/19 19:58:28 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/19 19:58:34
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/19 19:58:38 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/19 19:58:43
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/19 19:58:49 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/19 20:34:15
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/19 20:34:21 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/19 20:34:25
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/19 20:34:30 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/19 20:34:36
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/19 21:10:20 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/19 21:10:26
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/19 21:10:30 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/19 21:10:35
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/19 21:10:41 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/19 21:46:43
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/19 21:46:49 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/19 21:46:53
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/19 21:46:58 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/19 21:47:04
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/19 22:23:24 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/19 22:23:30
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/19 22:23:34 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/19 22:23:39
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/19 22:23:45 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/20 06:48:37
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/20 06:48:43 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/20 06:48:47
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/20 06:48:52 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/20 06:48:58
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/20 07:24:08 rootcheck: INFO: Starting rootcheck
scan.
2022/06/20 07:30:16 rootcheck: INFO: Ending rootcheck
scan.
2022/06/20 08:15:35 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/20 08:15:41
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/20 08:15:45 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/20 08:15:50
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/20 08:15:56 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/20 08:53:28
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/20 08:53:34 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/20 08:53:38
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/20 08:53:43 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/20 08:53:49
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/20 09:33:13 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/20 09:33:19
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/20 09:33:23 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/20 09:33:28
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/20 09:33:34 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/20 10:18:05
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/20 10:18:11 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/20 10:18:15
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/20 10:18:20 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/20 10:18:26
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/20 10:56:52 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/20 10:56:58
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/20 10:57:02 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/20 10:57:07
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/20 10:57:13 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/20 11:35:57
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/20 11:36:03 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/20 11:36:07
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/20 11:36:12 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/20 11:36:18
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/20 14:34:06 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/20 14:34:12
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/20 14:34:16 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/20 14:34:21
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/20 14:34:27 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/20 15:10:16
ossec-syscheckd: INFO: Starting syscheck scan.
2022/06/20
15:13:47 ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd'
not allowed.
2022/06/20 15:13:53 ossec-remoted(1213): WARN:
Message from '192.168.ccc.ddd' not allowed.
2022/06/20 15:13:57
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/20 15:14:02 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/20 15:14:08
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/20 15:26:00 ossec-syscheckd: INFO: Ending
syscheck scan.
2022/06/20 15:53:46 ossec-remoted(1213): WARN:
Message from '192.168.ccc.ddd' not allowed.
2022/06/20 15:53:52
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/20 15:53:56 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/20 15:54:01
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/20 15:54:07 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/20 16:34:03
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/20 16:34:09 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/20 16:34:13
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/20 16:34:18 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/20 16:34:24
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/20 17:14:38 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/20 17:14:44
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/20 17:14:48 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/20 17:14:53
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/20 17:14:59 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/20 19:03:42
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/20 19:03:48 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/20 19:03:52
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/20 19:03:57 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/20 19:04:03
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/20 20:31:49 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/20 20:31:55
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/20 20:31:59 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/20 20:32:04
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/20 20:32:10 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/20 21:13:18
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/20 21:13:24 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/20 21:13:28
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/20 21:13:33 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/20 21:13:39
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/20 21:55:05 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/20 21:55:11
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/20 21:55:15 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/20 21:55:20
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/20 21:55:26 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/21 03:31:00
rootcheck: INFO: Starting rootcheck scan.
2022/06/21 03:37:08
rootcheck: INFO: Ending rootcheck scan.
2022/06/21 09:20:37
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/21 09:20:43 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/21 09:20:47
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/21 09:20:52 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/21 09:20:58
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/21 13:04:25 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/21 13:04:31
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/21 13:04:35 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/21 13:04:40
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/21 13:04:46 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/21 13:27:08
ossec-syscheckd: INFO: Starting syscheck scan.
2022/06/21
13:42:51 ossec-syscheckd: INFO: Ending syscheck scan.
2022/06/21
13:47:24 ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd'
not allowed.
2022/06/21 13:47:31 ossec-remoted(1213): WARN:
Message from '192.168.ccc.ddd' not allowed.
2022/06/21 13:47:35
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/21 13:47:40 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/21 13:47:46
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/21 14:30:42 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/21 14:30:48
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/21 14:30:52 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/21 14:30:57
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/21 14:31:03 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/21 15:43:34
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/21 15:43:40 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/21 15:43:44
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/21 15:43:49 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/21 15:43:55
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/21 16:27:27 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/21 16:27:33
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/21 16:27:37 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/21 16:27:42
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/21 16:27:48 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/21 17:11:38
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/21 17:11:44 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/21 17:11:48
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/21 17:11:53 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/21 17:11:59
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/21 20:05:23 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/21 20:05:29
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/21 20:05:33 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/21 20:05:38
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/21 20:05:44 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/21 20:59:47
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/21 20:59:53 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/21 20:59:57
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/21 21:00:02 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/21 21:00:08
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/21 22:49:43 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/21 22:49:49
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/21 22:49:53 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/21 22:49:58
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/21 22:50:04 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/21 23:37:51
rootcheck: INFO: Starting rootcheck scan.
2022/06/21 23:43:59
rootcheck: INFO: Ending rootcheck scan.
2022/06/22 07:14:43
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/22 07:14:49 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/22 07:14:53
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/22 07:14:58 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/22 07:15:04
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/22 08:00:42 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/22 08:00:48
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/22 08:00:52 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/22 08:00:57
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/22 08:01:03 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/22 08:46:59
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/22 08:47:05 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/22 08:47:09
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/22 08:47:14 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/22 08:47:20
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/22 09:38:57 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/22 09:39:03
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/22 09:39:07 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/22 09:39:12
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/22 09:39:19 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/22 11:06:33
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/22 11:06:39 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/22 11:06:43
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/22 11:06:48 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/22 11:06:54
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/22 11:44:00 ossec-syscheckd: INFO: Starting
syscheck scan.
2022/06/22 11:59:43 ossec-syscheckd: INFO: Ending
syscheck scan.
2022/06/22 12:13:30 ossec-remoted(1213): WARN:
Message from '192.168.ccc.ddd' not allowed.
2022/06/22 12:13:36
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/22 12:13:40 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/22 12:13:45
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/22 12:13:51 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/22 14:57:49
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/22 14:57:55 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/22 14:57:59
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/22 14:58:04 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/22 14:58:10
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/22 15:45:36 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/22 15:45:42
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/22 15:45:46 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/22 15:45:51
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/22 15:45:57 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/22 16:33:42
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/22 16:33:48 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/22 16:33:52
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/22 16:33:57 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/22 16:34:03
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/22 18:13:49 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/22 18:13:55
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/22 18:13:59 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/22 18:14:04
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/22 18:14:10 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/22 19:02:30
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/22 19:02:36 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/22 19:02:40
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/22 19:02:45 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/22 19:02:51
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/22 19:44:43 rootcheck: INFO: Starting rootcheck
scan.
2022/06/22 19:50:49 rootcheck: INFO: Ending rootcheck
scan.
2022/06/22 19:51:29 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/22 19:51:35
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/22 19:51:39 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/22 19:51:44
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/22 19:51:50 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/22 20:40:46
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/22 20:40:52 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/22 20:40:56
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/22 20:41:01 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/22 20:41:07
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/22 21:30:21 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/22 21:30:27
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/22 21:30:31 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/22 21:30:36
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/22 21:30:42 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/23 07:24:21
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/23 07:24:27 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/23 07:24:31
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/23 07:24:36 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/23 07:24:42
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/23 07:25:05 ossec-monitord(1225): INFO: SIGNAL
[(15)-(Terminated)] Received. Exit Cleaning...
2022/06/23
07:25:05 ossec-logcollector(1225): INFO: SIGNAL [(15)-(Terminated)]
Received. Exit Cleaning...
2022/06/23 07:25:05
ossec-remoted(1225): INFO: SIGNAL [(15)-(Terminated)] Received. Exit
Cleaning...
2022/06/23 07:25:05 ossec-syscheckd(1225): INFO:
SIGNAL [(15)-(Terminated)] Received. Exit Cleaning...
2022/06/23
07:25:05 ossec-analysisd(1225): INFO: SIGNAL [(15)-(Terminated)]
Received. Exit Cleaning...
2022/06/23 07:39:39 ossec-testrule:
INFO: Reading local decoder file.
2022/06/23 07:39:41
ossec-testrule: INFO: Started (pid: 985).
2022/06/23 07:39:41
ossec-execd(1350): INFO: Active response disabled.
Exiting.
2022/06/23 07:39:41 ossec-analysisd: INFO: Reading
local decoder file.
2022/06/23 07:39:41 ossec-analysisd: INFO:
Reading rules file: 'rules_config.xml'
2022/06/23 07:39:41
ossec-analysisd: INFO: Reading rules file: 'pam_rules.xml'
2022/06/23
07:39:41 ossec-analysisd: INFO: Reading rules file:
'sshd_rules.xml'
2022/06/23 07:39:41 ossec-analysisd: INFO:
Reading rules file: 'telnetd_rules.xml'
2022/06/23 07:39:41
ossec-analysisd: INFO: Reading rules file:
'syslog_rules.xml'
2022/06/23 07:39:41 ossec-analysisd: INFO:
Reading rules file: 'arpwatch_rules.xml'
2022/06/23 07:39:41
ossec-analysisd: INFO: Reading rules file:
'symantec-av_rules.xml'
2022/06/23 07:39:41 ossec-analysisd:
INFO: Reading rules file: 'symantec-ws_rules.xml'
2022/06/23
07:39:41 ossec-analysisd: INFO: Reading rules file:
'pix_rules.xml'
2022/06/23 07:39:41 ossec-analysisd: INFO:
Reading rules file: 'named_rules.xml'
2022/06/23 07:39:41
ossec-analysisd: INFO: Reading rules file:
'smbd_rules.xml'
2022/06/23 07:39:41 ossec-analysisd: INFO:
Reading rules file: 'vsftpd_rules.xml'
2022/06/23 07:39:41
ossec-analysisd: INFO: Reading rules file:
'pure-ftpd_rules.xml'
2022/06/23 07:39:41 ossec-analysisd: INFO:
Reading rules file: 'proftpd_rules.xml'
2022/06/23 07:39:41
ossec-analysisd: INFO: Reading rules file:
'ms_ftpd_rules.xml'
2022/06/23 07:39:41 ossec-analysisd: INFO:
Reading rules file: 'ftpd_rules.xml'
2022/06/23 07:39:41
ossec-analysisd: INFO: Reading rules file:
'hordeimp_rules.xml'
2022/06/23 07:39:41 ossec-analysisd: INFO:
Reading rules file: 'roundcube_rules.xml'
2022/06/23 07:39:41
ossec-analysisd: INFO: Reading rules file:
'wordpress_rules.xml'
2022/06/23 07:39:41 ossec-analysisd: INFO:
Reading rules file: 'cimserver_rules.xml'
2022/06/23 07:39:41
ossec-analysisd: INFO: Reading rules file:
'vpopmail_rules.xml'
2022/06/23 07:39:41 ossec-analysisd: INFO:
Reading rules file: 'vmpop3d_rules.xml'
2022/06/23 07:39:41
ossec-analysisd: INFO: Reading rules file:
'courier_rules.xml'
2022/06/23 07:39:41 ossec-analysisd: INFO:
Reading rules file: 'web_rules.xml'
2022/06/23 07:39:41
ossec-analysisd: INFO: Reading rules file:
'web_appsec_rules.xml'
2022/06/23 07:39:41 ossec-analysisd:
INFO: Reading rules file: 'apache_rules.xml'
2022/06/23 07:39:41
ossec-analysisd: INFO: Reading rules file:
'nginx_rules.xml'
2022/06/23 07:39:41 ossec-analysisd: INFO:
Reading rules file: 'php_rules.xml'
2022/06/23 07:39:41
ossec-analysisd: INFO: Reading rules file:
'mysql_rules.xml'
2022/06/23 07:39:41 ossec-analysisd: INFO:
Reading rules file: 'postgresql_rules.xml'
2022/06/23 07:39:41
ossec-analysisd: INFO: Reading rules file: 'ids_rules.xml'
2022/06/23
07:39:41 ossec-analysisd: INFO: Reading rules file:
'squid_rules.xml'
2022/06/23 07:39:41 ossec-analysisd: INFO:
Reading rules file: 'firewall_rules.xml'
2022/06/23 07:39:41
ossec-analysisd: INFO: Reading rules file:
'apparmor_rules.xml'
2022/06/23 07:39:41 ossec-analysisd: INFO:
Reading rules file: 'cisco-ios_rules.xml'
2022/06/23 07:39:41
ossec-analysisd: INFO: Reading rules file:
'netscreenfw_rules.xml'
2022/06/23 07:39:41 ossec-analysisd:
INFO: Reading rules file: 'sonicwall_rules.xml'
2022/06/23
07:39:41 ossec-analysisd: INFO: Reading rules file:
'postfix_rules.xml'
2022/06/23 07:39:41 ossec-analysisd: INFO:
Reading rules file: 'sendmail_rules.xml'
2022/06/23 07:39:41
ossec-analysisd: INFO: Reading rules file:
'imapd_rules.xml'
2022/06/23 07:39:41 ossec-analysisd: INFO:
Reading rules file: 'mailscanner_rules.xml'
2022/06/23 07:39:41
ossec-analysisd: INFO: Reading rules file:
'dovecot_rules.xml'
2022/06/23 07:39:41 ossec-analysisd: INFO:
Reading rules file: 'ms-exchange_rules.xml'
2022/06/23 07:39:41
ossec-analysisd: INFO: Reading rules file:
'racoon_rules.xml'
2022/06/23 07:39:41 ossec-analysisd: INFO:
Reading rules file: 'vpn_concentrator_rules.xml'
2022/06/23
07:39:41 ossec-analysisd: INFO: Reading rules file:
'spamd_rules.xml'
2022/06/23 07:39:41 ossec-analysisd: INFO:
Reading rules file: 'msauth_rules.xml'
2022/06/23 07:39:41
ossec-analysisd: INFO: Reading rules file:
'mcafee_av_rules.xml'
2022/06/23 07:39:41 ossec-analysisd: INFO:
Reading rules file: 'trend-osce_rules.xml'
2022/06/23 07:39:41
ossec-analysisd: INFO: Reading rules file:
'ms-se_rules.xml'
2022/06/23 07:39:41 ossec-analysisd: INFO:
Reading rules file: 'zeus_rules.xml'
2022/06/23 07:39:41
ossec-analysisd: INFO: Reading rules file:
'solaris_bsm_rules.xml'
2022/06/23 07:39:41 ossec-analysisd:
INFO: Reading rules file: 'vmware_rules.xml'
2022/06/23 07:39:41
ossec-analysisd: INFO: Reading rules file:
'ms_dhcp_rules.xml'
2022/06/23 07:39:41 ossec-analysisd: INFO:
Reading rules file: 'asterisk_rules.xml'
2022/06/23 07:39:41
ossec-analysisd: INFO: Reading rules file:
'ossec_rules.xml'
2022/06/23 07:39:41 ossec-analysisd: INFO:
Reading rules file: 'attack_rules.xml'
2022/06/23 07:39:41
ossec-analysisd: INFO: Reading rules file:
'openbsd_rules.xml'
2022/06/23 07:39:41 ossec-remoted: INFO: Started (pid: 1027).
2022/06/23 07:39:41 ossec-remoted(1501): ERROR: No IP or network allowed in the access list for syslog. No reason for running it. Exiting.
2022/06/23 07:39:41
ossec-analysisd: INFO: Reading rules file:
'clam_av_rules.xml'
2022/06/23 07:39:41 ossec-analysisd: INFO:
Reading rules file: 'dropbear_rules.xml'
2022/06/23 07:39:41
IPv6: :: on port 1514
2022/06/23 07:39:41 Socket bound for IPv6:
:: on port 1514
2022/06/23 07:39:41 ossec-remoted: INFO: Started
(pid: 1029).
2022/06/23 07:39:41 ossec-analysisd: INFO: Reading
rules file: 'sysmon_rules.xml'
2022/06/23 07:39:41
ossec-analysisd: INFO: Reading rules file:
'opensmtpd_rules.xml'
2022/06/23 07:39:41 ossec-analysisd: INFO:
Reading rules file: 'exim_rules.xml'
2022/06/23 07:39:41
ossec-analysisd: INFO: Reading rules file:
'openbsd-dhcpd_rules.xml'
2022/06/23 07:39:41 ossec-analysisd:
INFO: Reading rules file: 'dnsmasq_rules.xml'
2022/06/23
07:39:41 ossec-analysisd: INFO: Reading rules file:
'nsd_rules.xml'
2022/06/23 07:39:41 ossec-analysisd: INFO:
Reading rules file: 'local_rules.xml'
2022/06/23 07:39:41
ossec-analysisd: INFO: Total rules enabled: '1606'
2022/06/23
07:39:41 ossec-analysisd: INFO: Ignoring file: '/etc/mtab'
2022/06/23
07:39:41 ossec-analysisd: INFO: Ignoring file:
'/etc/mnttab'
2022/06/23 07:39:41 ossec-analysisd: INFO:
Ignoring file: '/etc/hosts.deny'
2022/06/23 07:39:41
ossec-analysisd: INFO: Ignoring file:
'/etc/mail/statistics'
2022/06/23 07:39:41 ossec-analysisd:
INFO: Ignoring file: '/etc/random-seed'
2022/06/23 07:39:41
ossec-analysisd: INFO: Ignoring file: '/etc/adjtime'
2022/06/23
07:39:41 ossec-analysisd: INFO: Ignoring file:
'/etc/httpd/logs'
2022/06/23 07:39:41 ossec-analysisd: INFO:
Ignoring file: '/etc/utmpx'
2022/06/23 07:39:41 ossec-analysisd:
INFO: Ignoring file: '/etc/wtmpx'
2022/06/23 07:39:41
ossec-analysisd: INFO: Ignoring file: '/etc/cups/certs'
2022/06/23
07:39:41 ossec-analysisd: INFO: Ignoring file:
'/etc/dumpdates'
2022/06/23 07:39:41 ossec-analysisd: INFO:
Ignoring file: '/etc/svc/volatile'
2022/06/23 07:39:41
ossec-analysisd: INFO: Ignoring file:
'C:\WINDOWS/System32/LogFiles'
2022/06/23 07:39:41
ossec-analysisd: INFO: Ignoring file: 'C:\WINDOWS/Debug'
2022/06/23
07:39:41 ossec-analysisd: INFO: Ignoring file:
'C:\WINDOWS/WindowsUpdate.log'
2022/06/23 07:39:41
ossec-analysisd: INFO: Ignoring file:
'C:\WINDOWS/iis6.log'
2022/06/23 07:39:41 ossec-analysisd: INFO:
Ignoring file: 'C:\WINDOWS/system32/wbem/Logs'
2022/06/23
07:39:41 ossec-analysisd: INFO: Ignoring file:
'C:\WINDOWS/system32/wbem/Repository'
2022/06/23 07:39:41
ossec-analysisd: INFO: Ignoring file:
'C:\WINDOWS/Prefetch'
2022/06/23 07:39:41 ossec-analysisd: INFO:
Ignoring file: 'C:\WINDOWS/PCHEALTH/HELPCTR/DataColl'
2022/06/23
07:39:41 ossec-analysisd: INFO: Ignoring file:
'C:\WINDOWS/SoftwareDistribution'
2022/06/23 07:39:41
ossec-analysisd: INFO: Ignoring file: 'C:\WINDOWS/Temp'
2022/06/23
07:39:41 ossec-analysisd: INFO: Ignoring file:
'C:\WINDOWS/system32/config'
2022/06/23 07:39:41
ossec-analysisd: INFO: Ignoring file:
'C:\WINDOWS/system32/spool'
2022/06/23 07:39:41 ossec-analysisd:
INFO: Ignoring file: 'C:\WINDOWS/system32/CatRoot'
2022/06/23
07:39:41 ossec-analysisd: INFO: Started (pid: 1018).
2022/06/23
07:39:41 ossec-monitord: INFO: Started (pid: 1036).
2022/06/23 07:39:41 ossec-remoted(4111): INFO: Maximum number of agents allowed: '2048'.
2022/06/23 07:39:41 ossec-remoted(1410): INFO: Reading authentication keys file.
2022/06/23 07:39:41 ossec-remoted: INFO: No previous counter available for 'D-XPS-WIN10'.
2022/06/23 07:39:41 ossec-remoted: INFO: Assigning counter for agent D-XPS-WIN10: '0:0'.
2022/06/23 07:39:41 ossec-remoted: INFO: No previous sender counter.
2022/06/23 07:39:41 ossec-remoted: INFO: Assigning sender counter: 0:0
2022/06/23 07:39:45
ossec-syscheckd: INFO: Started (pid: 1032).
2022/06/23 07:39:45
ossec-rootcheck: INFO: Started (pid: 1032).
2022/06/23 07:39:45
ossec-syscheckd: INFO: Monitoring directory: '/etc', with options
perm | size | owner | group | md5sum | sha1sum.
2022/06/23
07:39:45 ossec-syscheckd: INFO: Monitoring directory: '/usr/bin',
with options perm | size | owner | group | md5sum |
sha1sum.
2022/06/23 07:39:45 ossec-syscheckd: INFO: Monitoring
directory: '/usr/sbin', with options perm | size | owner | group |
md5sum | sha1sum.
2022/06/23 07:39:45 ossec-syscheckd: INFO:
Monitoring directory: '/bin', with options perm | size | owner |
group | md5sum | sha1sum.
2022/06/23 07:39:45 ossec-syscheckd:
INFO: Monitoring directory: '/sbin', with options perm | size | owner
| group | md5sum | sha1sum.
2022/06/23 07:39:45 ossec-syscheckd:
INFO: Monitoring directory: '/boot', with options perm | size | owner
| group | md5sum | sha1sum.
2022/06/23 07:39:45 ossec-syscheckd:
INFO: ignoring: '/etc/mtab'
2022/06/23 07:39:45 ossec-syscheckd:
INFO: ignoring: '/etc/mnttab'
2022/06/23 07:39:45
ossec-syscheckd: INFO: ignoring: '/etc/hosts.deny'
2022/06/23
07:39:45 ossec-syscheckd: INFO: ignoring:
'/etc/mail/statistics'
2022/06/23 07:39:45 ossec-syscheckd:
INFO: ignoring: '/etc/random-seed'
2022/06/23 07:39:45
ossec-syscheckd: INFO: ignoring: '/etc/adjtime'
2022/06/23
07:39:45 ossec-syscheckd: INFO: ignoring:
'/etc/httpd/logs'
2022/06/23 07:39:45 ossec-syscheckd: INFO:
ignoring: '/etc/utmpx'
2022/06/23 07:39:45 ossec-syscheckd:
INFO: ignoring: '/etc/wtmpx'
2022/06/23 07:39:45
ossec-syscheckd: INFO: ignoring: '/etc/cups/certs'
2022/06/23
07:39:45 ossec-syscheckd: INFO: ignoring: '/etc/dumpdates'
2022/06/23
07:39:45 ossec-syscheckd: INFO: ignoring:
'/etc/svc/volatile'
2022/06/23 07:39:45 ossec-syscheckd: INFO:
ignoring: 'C:\WINDOWS/System32/LogFiles'
2022/06/23 07:39:45
ossec-syscheckd: INFO: ignoring: 'C:\WINDOWS/Debug'
2022/06/23
07:39:45 ossec-syscheckd: INFO: ignoring:
'C:\WINDOWS/WindowsUpdate.log'
2022/06/23 07:39:45
ossec-syscheckd: INFO: ignoring: 'C:\WINDOWS/iis6.log'
2022/06/23
07:39:45 ossec-syscheckd: INFO: ignoring:
'C:\WINDOWS/system32/wbem/Logs'
2022/06/23 07:39:45
ossec-syscheckd: INFO: ignoring:
'C:\WINDOWS/system32/wbem/Repository'
2022/06/23 07:39:45
ossec-syscheckd: INFO: ignoring: 'C:\WINDOWS/Prefetch'
2022/06/23
07:39:45 ossec-syscheckd: INFO: ignoring:
'C:\WINDOWS/PCHEALTH/HELPCTR/DataColl'
2022/06/23 07:39:45
ossec-syscheckd: INFO: ignoring:
'C:\WINDOWS/SoftwareDistribution'
2022/06/23 07:39:45
ossec-syscheckd: INFO: ignoring: 'C:\WINDOWS/Temp'
2022/06/23
07:39:45 ossec-syscheckd: INFO: ignoring:
'C:\WINDOWS/system32/config'
2022/06/23 07:39:45
ossec-syscheckd: INFO: ignoring:
'C:\WINDOWS/system32/spool'
2022/06/23 07:39:45 ossec-syscheckd:
INFO: ignoring: 'C:\WINDOWS/system32/CatRoot'
2022/06/23
07:39:47 ossec-logcollector(1950): INFO: Analyzing file:
'/var/log/auth.log'.
2022/06/23 07:39:47
ossec-logcollector(1950): INFO: Analyzing file:
'/var/log/syslog'.
2022/06/23 07:39:47 ossec-logcollector(1950):
INFO: Analyzing file: '/var/log/dpkg.log'.
2022/06/23 07:39:47
ossec-logcollector(1950): INFO: Analyzing file:
'/var/log/apache2/error.log'.
2022/06/23 07:39:47
ossec-logcollector(1950): INFO: Analyzing file:
'/var/log/apache2/access.log'.
2022/06/23 07:39:47 ossec-logcollector: INFO: Monitoring output of command(360): df -P
2022/06/23 07:39:47 ossec-logcollector: INFO: Monitoring full output of command(360): netstat -tan |grep LISTEN |egrep -v '(127.0.0.1| ::1)' | sort
2022/06/23 07:39:47 ossec-logcollector: INFO: Monitoring full output of command(360): last -n 5
2022/06/23 07:39:47 ossec-logcollector: INFO: Started
(pid: 1022).
2022/06/23 07:40:46 ossec-syscheckd: INFO: Starting
syscheck scan (forwarding database).
2022/06/23 07:40:46
ossec-syscheckd: INFO: Starting syscheck database
(pre-scan).
2022/06/23 07:56:24 ossec-syscheckd: INFO: Finished
creating syscheck database (pre-scan completed).
2022/06/23
07:56:36 ossec-syscheckd: INFO: Ending syscheck scan (forwarding
database).
2022/06/23 07:56:56 rootcheck: INFO: Starting
rootcheck scan.
2022/06/23 08:09:39 rootcheck: INFO: Ending
rootcheck scan.
2022/06/23 09:49:16 ossec-remoted(1213): WARN:
Message from '192.168.ccc.ddd' not allowed.
2022/06/23 09:49:22
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/23 09:49:26 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/23 09:49:31
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/23 09:49:37 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/23 11:19:06
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/23 11:19:12 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/23 11:19:16
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/23 11:19:21 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/23 11:19:27
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/23 12:09:53 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/23 12:09:59
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/23 12:10:03 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/23 12:10:08
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/23 12:10:14 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/23 13:41:54
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/23 13:42:00 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/23 13:42:04
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/23 13:42:09 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/23 13:42:15
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/23 14:33:17 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/23 14:33:23
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/23 14:33:27 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/23 14:33:32
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/23 14:33:38 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/23 15:24:58
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/23 15:25:04 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/23 15:25:08
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/23 15:25:13 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/23 15:25:19
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/23 16:16:57 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/23 16:17:03
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/23 16:17:07 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/23 16:17:12
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/23 16:17:18 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/23 17:09:14
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/23 17:09:20 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/23 17:09:24
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/23 17:09:29 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/23 17:09:35
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/23 18:35:04 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/23 18:35:10
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/23 18:35:14 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/23 18:35:19
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/23 18:35:25 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/23 19:41:06
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/23 19:57:50 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/23 19:57:55
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/23 19:58:01 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/23 20:50:51
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/23 20:50:57 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/23 20:51:01
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/23 20:51:06 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/23 20:51:12
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/23 21:44:20 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/23 21:44:26
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/23 21:44:30 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/23 21:44:35
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/23 21:44:41 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/24 04:14:39
rootcheck: INFO: Starting rootcheck scan.
2022/06/24 04:27:09
rootcheck: INFO: Ending rootcheck scan.
2022/06/24 05:57:09
ossec-syscheckd: INFO: Starting syscheck scan.
2022/06/24
06:12:52 ossec-syscheckd: INFO: Ending syscheck scan.
2022/06/24
06:46:49 ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd'
not allowed.
2022/06/24 06:46:55 ossec-remoted(1213): WARN:
Message from '192.168.ccc.ddd' not allowed.
2022/06/24 06:46:59
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/24 06:47:04 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/24 06:47:10
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/24 08:41:20 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/24 08:41:26
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/24 08:41:30 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/24 08:41:35
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/24 08:41:41 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/24 09:43:15
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/24 09:43:21 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/24 09:43:25
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/24 09:43:30 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/24 09:43:36
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/24 12:11:11 ossec-monitord(1225): INFO: SIGNAL
[(15)-(Terminated)] Received. Exit Cleaning...
2022/06/24
12:11:11 ossec-logcollector(1225): INFO: SIGNAL [(15)-(Terminated)]
Received. Exit Cleaning...
2022/06/24 12:11:11
ossec-remoted(1225): INFO: SIGNAL [(15)-(Terminated)] Received. Exit
Cleaning...
2022/06/24 12:11:11 ossec-syscheckd(1225): INFO:
SIGNAL [(15)-(Terminated)] Received. Exit Cleaning...
2022/06/24
12:11:11 ossec-analysisd(1225): INFO: SIGNAL [(15)-(Terminated)]
Received. Exit Cleaning...
2022/06/24 12:25:23 ossec-testrule:
INFO: Reading local decoder file.
2022/06/24 12:25:24
ossec-testrule: INFO: Started (pid: 912).
2022/06/24 12:25:24
ossec-execd(1350): INFO: Active response disabled.
Exiting.
2022/06/24 12:25:25 ossec-analysisd: INFO: Reading
local decoder file.
2022/06/24 12:25:25 ossec-analysisd: INFO:
Reading rules file: 'rules_config.xml'
2022/06/24 12:25:25
ossec-analysisd: INFO: Reading rules file: 'pam_rules.xml'
2022/06/24
12:25:25 ossec-analysisd: INFO: Reading rules file:
'sshd_rules.xml'
2022/06/24 12:25:25 ossec-analysisd: INFO:
Reading rules file: 'telnetd_rules.xml'
2022/06/24 12:25:25
ossec-analysisd: INFO: Reading rules file:
'syslog_rules.xml'
2022/06/24 12:25:25 ossec-analysisd: INFO:
Reading rules file: 'arpwatch_rules.xml'
2022/06/24 12:25:25
ossec-analysisd: INFO: Reading rules file:
'symantec-av_rules.xml'
2022/06/24 12:25:25 ossec-analysisd:
INFO: Reading rules file: 'symantec-ws_rules.xml'
2022/06/24
12:25:25 ossec-analysisd: INFO: Reading rules file:
'pix_rules.xml'
2022/06/24 12:25:25 ossec-analysisd: INFO:
Reading rules file: 'named_rules.xml'
2022/06/24 12:25:25
ossec-analysisd: INFO: Reading rules file:
'smbd_rules.xml'
2022/06/24 12:25:25 ossec-analysisd: INFO:
Reading rules file: 'vsftpd_rules.xml'
2022/06/24 12:25:25
ossec-analysisd: INFO: Reading rules file:
'pure-ftpd_rules.xml'
2022/06/24 12:25:25 ossec-analysisd: INFO:
Reading rules file: 'proftpd_rules.xml'
2022/06/24 12:25:25
ossec-analysisd: INFO: Reading rules file:
'ms_ftpd_rules.xml'
2022/06/24 12:25:25 ossec-analysisd: INFO:
Reading rules file: 'ftpd_rules.xml'
2022/06/24 12:25:25
ossec-analysisd: INFO: Reading rules file:
'hordeimp_rules.xml'
2022/06/24 12:25:25 ossec-analysisd: INFO:
Reading rules file: 'roundcube_rules.xml'
2022/06/24 12:25:25
ossec-analysisd: INFO: Reading rules file:
'wordpress_rules.xml'
2022/06/24 12:25:25 ossec-analysisd: INFO:
Reading rules file: 'cimserver_rules.xml'
2022/06/24 12:25:25
ossec-analysisd: INFO: Reading rules file:
'vpopmail_rules.xml'
2022/06/24 12:25:25 ossec-analysisd: INFO:
Reading rules file: 'vmpop3d_rules.xml'
2022/06/24 12:25:25
ossec-analysisd: INFO: Reading rules file:
'courier_rules.xml'
2022/06/24 12:25:25 ossec-analysisd: INFO:
Reading rules file: 'web_rules.xml'
2022/06/24 12:25:25
ossec-analysisd: INFO: Reading rules file:
'web_appsec_rules.xml'
2022/06/24 12:25:25 ossec-analysisd:
INFO: Reading rules file: 'apache_rules.xml'
2022/06/24 12:25:25
ossec-analysisd: INFO: Reading rules file:
'nginx_rules.xml'
2022/06/24 12:25:25 ossec-analysisd: INFO:
Reading rules file: 'php_rules.xml'
2022/06/24 12:25:25
ossec-analysisd: INFO: Reading rules file:
'mysql_rules.xml'
2022/06/24 12:25:25 ossec-analysisd: INFO:
Reading rules file: 'postgresql_rules.xml'
2022/06/24 12:25:25
ossec-analysisd: INFO: Reading rules file: 'ids_rules.xml'
2022/06/24
12:25:25 ossec-analysisd: INFO: Reading rules file:
'squid_rules.xml'
2022/06/24 12:25:25 ossec-analysisd: INFO:
Reading rules file: 'firewall_rules.xml'
2022/06/24 12:25:25
ossec-analysisd: INFO: Reading rules file:
'apparmor_rules.xml'
2022/06/24 12:25:25 ossec-analysisd: INFO:
Reading rules file: 'cisco-ios_rules.xml'
2022/06/24 12:25:25
ossec-analysisd: INFO: Reading rules file:
'netscreenfw_rules.xml'
2022/06/24 12:25:25 ossec-analysisd:
INFO: Reading rules file: 'sonicwall_rules.xml'
2022/06/24
12:25:25 ossec-analysisd: INFO: Reading rules file:
'postfix_rules.xml'
2022/06/24 12:25:25 ossec-analysisd: INFO:
Reading rules file: 'sendmail_rules.xml'
2022/06/24 12:25:25
ossec-analysisd: INFO: Reading rules file:
'imapd_rules.xml'
2022/06/24 12:25:25 ossec-analysisd: INFO:
Reading rules file: 'mailscanner_rules.xml'
2022/06/24 12:25:25
ossec-analysisd: INFO: Reading rules file:
'dovecot_rules.xml'
2022/06/24 12:25:25 ossec-analysisd: INFO:
Reading rules file: 'ms-exchange_rules.xml'
2022/06/24 12:25:25
ossec-analysisd: INFO: Reading rules file:
'racoon_rules.xml'
2022/06/24 12:25:25 ossec-analysisd: INFO:
Reading rules file: 'vpn_concentrator_rules.xml'
2022/06/24
12:25:25 ossec-analysisd: INFO: Reading rules file:
'spamd_rules.xml'
2022/06/24 12:25:25 ossec-analysisd: INFO:
Reading rules file: 'msauth_rules.xml'
2022/06/24 12:25:25
ossec-analysisd: INFO: Reading rules file:
'mcafee_av_rules.xml'
2022/06/24 12:25:25 ossec-analysisd: INFO:
Reading rules file: 'trend-osce_rules.xml'
2022/06/24 12:25:25
ossec-analysisd: INFO: Reading rules file:
'ms-se_rules.xml'
2022/06/24 12:25:25 ossec-analysisd: INFO:
Reading rules file: 'zeus_rules.xml'
2022/06/24 12:25:25
ossec-analysisd: INFO: Reading rules file:
'solaris_bsm_rules.xml'
2022/06/24 12:25:25 ossec-analysisd:
INFO: Reading rules file: 'vmware_rules.xml'
2022/06/24 12:25:25
ossec-analysisd: INFO: Reading rules file:
'ms_dhcp_rules.xml'
2022/06/24 12:25:25 ossec-analysisd: INFO:
Reading rules file: 'asterisk_rules.xml'
2022/06/24 12:25:25
ossec-analysisd: INFO: Reading rules file:
'ossec_rules.xml'
2022/06/24 12:25:25 ossec-analysisd: INFO:
Reading rules file: 'attack_rules.xml'
2022/06/24 12:25:25
ossec-analysisd: INFO: Reading rules file:
'openbsd_rules.xml'
2022/06/24 12:25:25 ossec-analysisd: INFO:
Reading rules file: 'clam_av_rules.xml'
2022/06/24 12:25:25
ossec-analysisd: INFO: Reading rules file:
'dropbear_rules.xml'
2022/06/24 12:25:25 ossec-analysisd: INFO:
Reading rules file: 'sysmon_rules.xml'
2022/06/24 12:25:25
ossec-analysisd: INFO: Reading rules file:
'opensmtpd_rules.xml'
2022/06/24 12:25:25 ossec-analysisd: INFO:
Reading rules file: 'exim_rules.xml'
2022/06/24 12:25:25
ossec-analysisd: INFO: Reading rules file:
'openbsd-dhcpd_rules.xml'
2022/06/24 12:25:25 ossec-analysisd:
INFO: Reading rules file: 'dnsmasq_rules.xml'
2022/06/24
12:25:25 ossec-analysisd: INFO: Reading rules file:
'nsd_rules.xml'
2022/06/24 12:25:25 ossec-analysisd: INFO:
Reading rules file: 'local_rules.xml'
2022/06/24 12:25:25
ossec-analysisd: INFO: Total rules enabled: '1606'
2022/06/24
12:25:25 ossec-analysisd: INFO: Ignoring file: '/etc/mtab'
2022/06/24
12:25:25 ossec-analysisd: INFO: Ignoring file:
'/etc/mnttab'
2022/06/24 12:25:25 ossec-analysisd: INFO:
Ignoring file: '/etc/hosts.deny'
2022/06/24 12:25:25
ossec-analysisd: INFO: Ignoring file:
'/etc/mail/statistics'
2022/06/24 12:25:25 ossec-analysisd:
INFO: Ignoring file: '/etc/random-seed'
2022/06/24 12:25:25
ossec-analysisd: INFO: Ignoring file: '/etc/adjtime'
2022/06/24
12:25:25 ossec-analysisd: INFO: Ignoring file:
'/etc/httpd/logs'
2022/06/24 12:25:25 ossec-analysisd: INFO:
Ignoring file: '/etc/utmpx'
2022/06/24 12:25:25 ossec-analysisd:
INFO: Ignoring file: '/etc/wtmpx'
2022/06/24 12:25:25
ossec-analysisd: INFO: Ignoring file: '/etc/cups/certs'
2022/06/24
12:25:25 ossec-analysisd: INFO: Ignoring file:
'/etc/dumpdates'
2022/06/24 12:25:25 ossec-analysisd: INFO:
Ignoring file: '/etc/svc/volatile'
2022/06/24 12:25:25
ossec-analysisd: INFO: Ignoring file:
'C:\WINDOWS/System32/LogFiles'
2022/06/24 12:25:25
ossec-analysisd: INFO: Ignoring file: 'C:\WINDOWS/Debug'
2022/06/24
12:25:25 ossec-analysisd: INFO: Ignoring file:
'C:\WINDOWS/WindowsUpdate.log'
2022/06/24 12:25:25
ossec-analysisd: INFO: Ignoring file:
'C:\WINDOWS/iis6.log'
2022/06/24 12:25:25 ossec-analysisd: INFO:
Ignoring file: 'C:\WINDOWS/system32/wbem/Logs'
2022/06/24
12:25:25 ossec-analysisd: INFO: Ignoring file:
'C:\WINDOWS/system32/wbem/Repository'
2022/06/24 12:25:25
ossec-analysisd: INFO: Ignoring file:
'C:\WINDOWS/Prefetch'
2022/06/24 12:25:25 ossec-analysisd: INFO:
Ignoring file: 'C:\WINDOWS/PCHEALTH/HELPCTR/DataColl'
2022/06/24
12:25:25 ossec-analysisd: INFO: Ignoring file:
'C:\WINDOWS/SoftwareDistribution'
2022/06/24 12:25:25
ossec-analysisd: INFO: Ignoring file: 'C:\WINDOWS/Temp'
2022/06/24
12:25:25 ossec-analysisd: INFO: Ignoring file:
'C:\WINDOWS/system32/config'
2022/06/24 12:25:25
ossec-analysisd: INFO: Ignoring file:
'C:\WINDOWS/system32/spool'
2022/06/24 12:25:25 ossec-analysisd:
INFO: Ignoring file: 'C:\WINDOWS/system32/CatRoot'
2022/06/24
12:25:25 ossec-analysisd: INFO: Started (pid: 959).
2022/06/24 12:25:25 ossec-remoted: INFO: Started (pid: 974).
2022/06/24 12:25:25 ossec-remoted(1501): ERROR: No IP or network allowed in the access list for syslog. No reason for running it. Exiting.
2022/06/24 12:25:25 getaddrinfo: Name or service not known
2022/06/24 12:25:25 ossec-remoted(1206): ERROR: Unable to Bind port '1514'
2022/06/24 12:25:25 ossec-monitord: INFO: Started (pid:
984).
2022/06/24 12:25:29 ossec-syscheckd: INFO: Started (pid:
980).
2022/06/24 12:25:29 ossec-rootcheck: INFO: Started (pid:
980).
2022/06/24 12:25:29 ossec-syscheckd: INFO: Monitoring
directory: '/etc', with options perm | size | owner | group | md5sum
| sha1sum.
2022/06/24 12:25:29 ossec-syscheckd: INFO: Monitoring
directory: '/usr/bin', with options perm | size | owner | group |
md5sum | sha1sum.
2022/06/24 12:25:29 ossec-syscheckd: INFO:
Monitoring directory: '/usr/sbin', with options perm | size | owner |
group | md5sum | sha1sum.
2022/06/24 12:25:29 ossec-syscheckd:
INFO: Monitoring directory: '/bin', with options perm | size | owner
| group | md5sum | sha1sum.
2022/06/24 12:25:29 ossec-syscheckd:
INFO: Monitoring directory: '/sbin', with options perm | size | owner
| group | md5sum | sha1sum.
2022/06/24 12:25:29 ossec-syscheckd:
INFO: Monitoring directory: '/boot', with options perm | size | owner
| group | md5sum | sha1sum.
2022/06/24 12:25:29 ossec-syscheckd:
INFO: ignoring: '/etc/mtab'
2022/06/24 12:25:29 ossec-syscheckd:
INFO: ignoring: '/etc/mnttab'
2022/06/24 12:25:29
ossec-syscheckd: INFO: ignoring: '/etc/hosts.deny'
2022/06/24
12:25:29 ossec-syscheckd: INFO: ignoring:
'/etc/mail/statistics'
2022/06/24 12:25:29 ossec-syscheckd:
INFO: ignoring: '/etc/random-seed'
2022/06/24 12:25:29
ossec-syscheckd: INFO: ignoring: '/etc/adjtime'
2022/06/24
12:25:29 ossec-syscheckd: INFO: ignoring:
'/etc/httpd/logs'
2022/06/24 12:25:29 ossec-syscheckd: INFO:
ignoring: '/etc/utmpx'
2022/06/24 12:25:29 ossec-syscheckd:
INFO: ignoring: '/etc/wtmpx'
2022/06/24 12:25:29
ossec-syscheckd: INFO: ignoring: '/etc/cups/certs'
2022/06/24
12:25:29 ossec-syscheckd: INFO: ignoring: '/etc/dumpdates'
2022/06/24
12:25:29 ossec-syscheckd: INFO: ignoring:
'/etc/svc/volatile'
2022/06/24 12:25:29 ossec-syscheckd: INFO:
ignoring: 'C:\WINDOWS/System32/LogFiles'
2022/06/24 12:25:29
ossec-syscheckd: INFO: ignoring: 'C:\WINDOWS/Debug'
2022/06/24
12:25:29 ossec-syscheckd: INFO: ignoring:
'C:\WINDOWS/WindowsUpdate.log'
2022/06/24 12:25:29
ossec-syscheckd: INFO: ignoring: 'C:\WINDOWS/iis6.log'
2022/06/24
12:25:29 ossec-syscheckd: INFO: ignoring:
'C:\WINDOWS/system32/wbem/Logs'
2022/06/24 12:25:29
ossec-syscheckd: INFO: ignoring:
'C:\WINDOWS/system32/wbem/Repository'
2022/06/24 12:25:29
ossec-syscheckd: INFO: ignoring: 'C:\WINDOWS/Prefetch'
2022/06/24
12:25:29 ossec-syscheckd: INFO: ignoring:
'C:\WINDOWS/PCHEALTH/HELPCTR/DataColl'
2022/06/24 12:25:29
ossec-syscheckd: INFO: ignoring:
'C:\WINDOWS/SoftwareDistribution'
2022/06/24 12:25:29
ossec-syscheckd: INFO: ignoring: 'C:\WINDOWS/Temp'
2022/06/24
12:25:29 ossec-syscheckd: INFO: ignoring:
'C:\WINDOWS/system32/config'
2022/06/24 12:25:29
ossec-syscheckd: INFO: ignoring:
'C:\WINDOWS/system32/spool'
2022/06/24 12:25:29 ossec-syscheckd:
INFO: ignoring: 'C:\WINDOWS/system32/CatRoot'
2022/06/24
12:25:31 ossec-logcollector(1950): INFO: Analyzing file:
'/var/log/auth.log'.
2022/06/24 12:25:31
ossec-logcollector(1950): INFO: Analyzing file:
'/var/log/syslog'.
2022/06/24 12:25:31 ossec-logcollector(1950):
INFO: Analyzing file: '/var/log/dpkg.log'.
2022/06/24 12:25:31
ossec-logcollector(1950): INFO: Analyzing file:
'/var/log/apache2/error.log'.
2022/06/24 12:25:31
ossec-logcollector(1950): INFO: Analyzing file:
'/var/log/apache2/access.log'.
2022/06/24 12:25:31
ossec-logcollector: INFO: Monitoring output of command(360): df
-P
2022/06/24 12:25:31 ossec-logcollector: INFO: Monitoring full
output of command(360): netstat -tan |grep LISTEN |egrep -v
'(127.0.0.1| ::1)' | sort
2022/06/24 12:25:31
ossec-logcollector: INFO: Monitoring full output of command(360):
last -n 5
2022/06/24 12:25:31 ossec-logcollector: INFO: Started
(pid: 969).
2022/06/24 12:26:31 ossec-syscheckd: INFO: Starting
syscheck scan (forwarding database).
2022/06/24 12:26:31
ossec-syscheckd: INFO: Starting syscheck database
(pre-scan).
2022/06/24 12:42:09 ossec-syscheckd: INFO: Finished
creating syscheck database (pre-scan completed).
2022/06/24
12:42:21 ossec-syscheckd: INFO: Ending syscheck scan (forwarding
database).
2022/06/24 12:42:41 rootcheck: INFO: Starting
rootcheck scan.
2022/06/24 13:00:46 rootcheck: INFO: Ending
rootcheck scan.
2022/06/25 09:05:46 rootcheck: INFO: Starting
rootcheck scan.
2022/06/25 09:19:57 rootcheck: INFO: Ending
rootcheck scan.
2022/06/25 10:44:57 ossec-syscheckd: INFO:
Starting syscheck scan.
2022/06/25 11:00:41 ossec-syscheckd:
INFO: Ending syscheck scan.
2022/06/26 05:20:41 rootcheck: INFO:
Starting rootcheck scan.
2022/06/26 05:33:06 rootcheck: INFO:
Ending rootcheck scan.
2022/06/26 09:03:06 ossec-syscheckd:
INFO: Starting syscheck scan.
2022/06/26 09:18:49
ossec-syscheckd: INFO: Ending syscheck scan.
2022/06/26 11:21:55
ossec-monitord(1225): INFO: SIGNAL [(15)-(Terminated)] Received. Exit
Cleaning...
2022/06/26 11:21:55 ossec-logcollector(1225): INFO:
SIGNAL [(15)-(Terminated)] Received. Exit Cleaning...
2022/06/26
11:21:56 ossec-syscheckd(1225): INFO: SIGNAL [(15)-(Terminated)]
Received. Exit Cleaning...
2022/06/26 11:21:56
ossec-analysisd(1225): INFO: SIGNAL [(15)-(Terminated)] Received.
Exit Cleaning...
2022/06/26 11:36:53 ossec-testrule: INFO:
Reading local decoder file.
2022/06/26 11:36:55 ossec-testrule:
INFO: Started (pid: 860).
2022/06/26 11:36:55 ossec-execd(1350):
INFO: Active response disabled. Exiting.
2022/06/26 11:36:56
ossec-analysisd: INFO: Reading local decoder file.
2022/06/26
11:36:56 ossec-analysisd: INFO: Reading rules file:
'rules_config.xml'
2022/06/26 11:36:56 ossec-analysisd: INFO:
Reading rules file: 'pam_rules.xml'
2022/06/26 11:36:56
ossec-analysisd: INFO: Reading rules file:
'sshd_rules.xml'
2022/06/26 11:36:56 ossec-analysisd: INFO:
Reading rules file: 'telnetd_rules.xml'
2022/06/26 11:36:56
ossec-analysisd: INFO: Reading rules file:
'syslog_rules.xml'
2022/06/26 11:36:56 ossec-analysisd: INFO:
Reading rules file: 'arpwatch_rules.xml'
2022/06/26 11:36:56
ossec-analysisd: INFO: Reading rules file:
'symantec-av_rules.xml'
2022/06/26 11:36:56 ossec-analysisd:
INFO: Reading rules file: 'symantec-ws_rules.xml'
2022/06/26
11:36:56 ossec-analysisd: INFO: Reading rules file:
'pix_rules.xml'
2022/06/26 11:36:56 ossec-analysisd: INFO:
Reading rules file: 'named_rules.xml'
2022/06/26 11:36:56
ossec-analysisd: INFO: Reading rules file:
'smbd_rules.xml'
2022/06/26 11:36:56 ossec-analysisd: INFO:
Reading rules file: 'vsftpd_rules.xml'
2022/06/26 11:36:56
ossec-analysisd: INFO: Reading rules file:
'pure-ftpd_rules.xml'
2022/06/26 11:36:56 ossec-analysisd: INFO:
Reading rules file: 'proftpd_rules.xml'
2022/06/26 11:36:56
ossec-analysisd: INFO: Reading rules file:
'ms_ftpd_rules.xml'
2022/06/26 11:36:56 ossec-analysisd: INFO:
Reading rules file: 'ftpd_rules.xml'
2022/06/26 11:36:56
ossec-analysisd: INFO: Reading rules file:
'hordeimp_rules.xml'
2022/06/26 11:36:56 ossec-analysisd: INFO:
Reading rules file: 'roundcube_rules.xml'
2022/06/26 11:36:56
ossec-analysisd: INFO: Reading rules file:
'wordpress_rules.xml'
2022/06/26 11:36:56 ossec-analysisd: INFO:
Reading rules file: 'cimserver_rules.xml'
2022/06/26 11:36:56
ossec-analysisd: INFO: Reading rules file:
'vpopmail_rules.xml'
2022/06/26 11:36:56 ossec-analysisd: INFO:
Reading rules file: 'vmpop3d_rules.xml'
2022/06/26 11:36:56
ossec-analysisd: INFO: Reading rules file:
'courier_rules.xml'
2022/06/26 11:36:56 ossec-analysisd: INFO:
Reading rules file: 'web_rules.xml'
2022/06/26 11:36:56
ossec-analysisd: INFO: Reading rules file:
'web_appsec_rules.xml'
2022/06/26 11:36:56 ossec-analysisd:
INFO: Reading rules file: 'apache_rules.xml'
2022/06/26 11:36:56
ossec-analysisd: INFO: Reading rules file:
'nginx_rules.xml'
2022/06/26 11:36:56 ossec-analysisd: INFO:
Reading rules file: 'php_rules.xml'
2022/06/26 11:36:56
ossec-analysisd: INFO: Reading rules file:
'mysql_rules.xml'
2022/06/26 11:36:56 ossec-analysisd: INFO:
Reading rules file: 'postgresql_rules.xml'
2022/06/26 11:36:56
ossec-analysisd: INFO: Reading rules file: 'ids_rules.xml'
2022/06/26
11:36:56 ossec-analysisd: INFO: Reading rules file:
'squid_rules.xml'
2022/06/26 11:36:56 ossec-analysisd: INFO:
Reading rules file: 'firewall_rules.xml'
2022/06/26 11:36:56
ossec-analysisd: INFO: Reading rules file:
'apparmor_rules.xml'
2022/06/26 11:36:56 ossec-analysisd: INFO:
Reading rules file: 'cisco-ios_rules.xml'
2022/06/26 11:36:56
ossec-analysisd: INFO: Reading rules file:
'netscreenfw_rules.xml'
2022/06/26 11:36:56 ossec-analysisd:
INFO: Reading rules file: 'sonicwall_rules.xml'
2022/06/26
11:36:56 ossec-analysisd: INFO: Reading rules file:
'postfix_rules.xml'
2022/06/26 11:36:56 ossec-analysisd: INFO:
Reading rules file: 'sendmail_rules.xml'
2022/06/26 11:36:56
ossec-analysisd: INFO: Reading rules file:
'imapd_rules.xml'
2022/06/26 11:36:56 ossec-analysisd: INFO:
Reading rules file: 'mailscanner_rules.xml'
2022/06/26 11:36:56
ossec-analysisd: INFO: Reading rules file:
'dovecot_rules.xml'
2022/06/26 11:36:56 ossec-analysisd: INFO:
Reading rules file: 'ms-exchange_rules.xml'
2022/06/26 11:36:56
ossec-analysisd: INFO: Reading rules file:
'racoon_rules.xml'
2022/06/26 11:36:56 ossec-analysisd: INFO:
Reading rules file: 'vpn_concentrator_rules.xml'
2022/06/26
11:36:56 ossec-analysisd: INFO: Reading rules file:
'spamd_rules.xml'
2022/06/26 11:36:56 ossec-analysisd: INFO:
Reading rules file: 'msauth_rules.xml'
2022/06/26 11:36:56
ossec-analysisd: INFO: Reading rules file:
'mcafee_av_rules.xml'
2022/06/26 11:36:56 ossec-analysisd: INFO:
Reading rules file: 'trend-osce_rules.xml'
2022/06/26 11:36:56
ossec-analysisd: INFO: Reading rules file:
'ms-se_rules.xml'
2022/06/26 11:36:56 ossec-analysisd: INFO:
Reading rules file: 'zeus_rules.xml'
2022/06/26 11:36:56
ossec-remoted: INFO: Started (pid: 920).
2022/06/26 11:36:56
ossec-analysisd: INFO: Reading rules file:
'solaris_bsm_rules.xml'
2022/06/26 11:36:56 ossec-analysisd:
INFO: Reading rules file: 'vmware_rules.xml'
2022/06/26 11:36:56
ossec-analysisd: INFO: Reading rules file:
'ms_dhcp_rules.xml'
2022/06/26 11:36:56 ossec-remoted(1501):
ERROR: No IP or network allowed in the access list for syslog. No
reason for running it. Exiting.
2022/06/26 11:36:56 IPv6: :: on
port 1514
2022/06/26 11:36:56 Socket bound for IPv6: :: on port
1514
2022/06/26 11:36:56 ossec-remoted: INFO: Started (pid:
922).
2022/06/26 11:36:56 ossec-analysisd: INFO: Reading rules
file: 'asterisk_rules.xml'
2022/06/26 11:36:56 ossec-analysisd:
INFO: Reading rules file: 'ossec_rules.xml'
2022/06/26 11:36:56
ossec-analysisd: INFO: Reading rules file:
'attack_rules.xml'
2022/06/26 11:36:56 ossec-analysisd: INFO:
Reading rules file: 'openbsd_rules.xml'
2022/06/26 11:36:56
ossec-analysisd: INFO: Reading rules file:
'clam_av_rules.xml'
2022/06/26 11:36:56 ossec-analysisd: INFO:
Reading rules file: 'dropbear_rules.xml'
2022/06/26 11:36:56
ossec-analysisd: INFO: Reading rules file:
'sysmon_rules.xml'
2022/06/26 11:36:56 ossec-analysisd: INFO:
Reading rules file: 'opensmtpd_rules.xml'
2022/06/26 11:36:56
ossec-analysisd: INFO: Reading rules file:
'exim_rules.xml'
2022/06/26 11:36:56 ossec-analysisd: INFO:
Reading rules file: 'openbsd-dhcpd_rules.xml'
2022/06/26
11:36:56 ossec-analysisd: INFO: Reading rules file:
'dnsmasq_rules.xml'
2022/06/26 11:36:56 ossec-analysisd: INFO:
Reading rules file: 'nsd_rules.xml'
2022/06/26 11:36:56
ossec-analysisd: INFO: Reading rules file:
'local_rules.xml'
2022/06/26 11:36:56 ossec-analysisd: INFO:
Total rules enabled: '1606'
2022/06/26 11:36:56 ossec-analysisd:
INFO: Ignoring file: '/etc/mtab'
2022/06/26 11:36:56
ossec-analysisd: INFO: Ignoring file: '/etc/mnttab'
2022/06/26
11:36:56 ossec-analysisd: INFO: Ignoring file:
'/etc/hosts.deny'
2022/06/26 11:36:56 ossec-analysisd: INFO:
Ignoring file: '/etc/mail/statistics'
2022/06/26 11:36:56
ossec-analysisd: INFO: Ignoring file: '/etc/random-seed'
2022/06/26
11:36:56 ossec-analysisd: INFO: Ignoring file:
'/etc/adjtime'
2022/06/26 11:36:56 ossec-analysisd: INFO:
Ignoring file: '/etc/httpd/logs'
2022/06/26 11:36:56
ossec-analysisd: INFO: Ignoring file: '/etc/utmpx'
2022/06/26
11:36:56 ossec-analysisd: INFO: Ignoring file:
'/etc/wtmpx'
2022/06/26 11:36:56 ossec-analysisd: INFO: Ignoring
file: '/etc/cups/certs'
2022/06/26 11:36:56 ossec-analysisd:
INFO: Ignoring file: '/etc/dumpdates'
2022/06/26 11:36:56
ossec-analysisd: INFO: Ignoring file: '/etc/svc/volatile'
2022/06/26
11:36:56 ossec-analysisd: INFO: Ignoring file:
'C:\WINDOWS/System32/LogFiles'
2022/06/26 11:36:56
ossec-analysisd: INFO: Ignoring file: 'C:\WINDOWS/Debug'
2022/06/26
11:36:56 ossec-analysisd: INFO: Ignoring file:
'C:\WINDOWS/WindowsUpdate.log'
2022/06/26 11:36:56
ossec-analysisd: INFO: Ignoring file:
'C:\WINDOWS/iis6.log'
2022/06/26 11:36:56 ossec-analysisd: INFO:
Ignoring file: 'C:\WINDOWS/system32/wbem/Logs'
2022/06/26
11:36:56 ossec-analysisd: INFO: Ignoring file:
'C:\WINDOWS/system32/wbem/Repository'
2022/06/26 11:36:56
ossec-analysisd: INFO: Ignoring file:
'C:\WINDOWS/Prefetch'
2022/06/26 11:36:56 ossec-analysisd: INFO:
Ignoring file: 'C:\WINDOWS/PCHEALTH/HELPCTR/DataColl'
2022/06/26
11:36:56 ossec-analysisd: INFO: Ignoring file:
'C:\WINDOWS/SoftwareDistribution'
2022/06/26 11:36:56
ossec-analysisd: INFO: Ignoring file: 'C:\WINDOWS/Temp'
2022/06/26
11:36:56 ossec-analysisd: INFO: Ignoring file:
'C:\WINDOWS/system32/config'
2022/06/26 11:36:56
ossec-analysisd: INFO: Ignoring file:
'C:\WINDOWS/system32/spool'
2022/06/26 11:36:56 ossec-analysisd:
INFO: Ignoring file: 'C:\WINDOWS/system32/CatRoot'
2022/06/26
11:36:56 ossec-analysisd: INFO: Started (pid: 907).
2022/06/26
11:36:56 ossec-monitord: INFO: Started (pid: 930).
2022/06/26
11:36:56 ossec-remoted(4111): INFO: Maximum number of agents allowed:
'2048'.
2022/06/26 11:36:56 ossec-remoted(1410): INFO: Reading
authentication keys file.
2022/06/26 11:36:56 ossec-remoted:
INFO: No previous counter available for 'D-XPS-WIN10'.
2022/06/26
11:36:56 ossec-remoted: INFO: Assigning counter for agent
D-XPS-WIN10: '0:0'.
2022/06/26 11:36:56 ossec-remoted: INFO: No
previous sender counter.
2022/06/26 11:36:56 ossec-remoted:
INFO: Assigning sender counter: 0:0
2022/06/26 11:37:00
ossec-syscheckd: INFO: Started (pid: 926).
2022/06/26 11:37:00
ossec-rootcheck: INFO: Started (pid: 926).
2022/06/26 11:37:00
ossec-syscheckd: INFO: Monitoring directory: '/etc', with options
perm | size | owner | group | md5sum | sha1sum.
2022/06/26
11:37:00 ossec-syscheckd: INFO: Monitoring directory: '/usr/bin',
with options perm | size | owner | group | md5sum |
sha1sum.
2022/06/26 11:37:00 ossec-syscheckd: INFO: Monitoring
directory: '/usr/sbin', with options perm | size | owner | group |
md5sum | sha1sum.
2022/06/26 11:37:00 ossec-syscheckd: INFO:
Monitoring directory: '/bin', with options perm | size | owner |
group | md5sum | sha1sum.
2022/06/26 11:37:00 ossec-syscheckd:
INFO: Monitoring directory: '/sbin', with options perm | size | owner
| group | md5sum | sha1sum.
2022/06/26 11:37:00 ossec-syscheckd:
INFO: Monitoring directory: '/boot', with options perm | size | owner
| group | md5sum | sha1sum.
2022/06/26 11:37:00 ossec-syscheckd:
INFO: ignoring: '/etc/mtab'
2022/06/26 11:37:00 ossec-syscheckd:
INFO: ignoring: '/etc/mnttab'
2022/06/26 11:37:00
ossec-syscheckd: INFO: ignoring: '/etc/hosts.deny'
2022/06/26
11:37:00 ossec-syscheckd: INFO: ignoring:
'/etc/mail/statistics'
2022/06/26 11:37:00 ossec-syscheckd:
INFO: ignoring: '/etc/random-seed'
2022/06/26 11:37:00
ossec-syscheckd: INFO: ignoring: '/etc/adjtime'
2022/06/26
11:37:00 ossec-syscheckd: INFO: ignoring:
'/etc/httpd/logs'
2022/06/26 11:37:00 ossec-syscheckd: INFO:
ignoring: '/etc/utmpx'
2022/06/26 11:37:00 ossec-syscheckd:
INFO: ignoring: '/etc/wtmpx'
2022/06/26 11:37:00
ossec-syscheckd: INFO: ignoring: '/etc/cups/certs'
2022/06/26
11:37:00 ossec-syscheckd: INFO: ignoring: '/etc/dumpdates'
2022/06/26
11:37:00 ossec-syscheckd: INFO: ignoring:
'/etc/svc/volatile'
2022/06/26 11:37:00 ossec-syscheckd: INFO:
ignoring: 'C:\WINDOWS/System32/LogFiles'
2022/06/26 11:37:00
ossec-syscheckd: INFO: ignoring: 'C:\WINDOWS/Debug'
2022/06/26
11:37:00 ossec-syscheckd: INFO: ignoring:
'C:\WINDOWS/WindowsUpdate.log'
2022/06/26 11:37:00
ossec-syscheckd: INFO: ignoring: 'C:\WINDOWS/iis6.log'
2022/06/26
11:37:00 ossec-syscheckd: INFO: ignoring:
'C:\WINDOWS/system32/wbem/Logs'
2022/06/26 11:37:00
ossec-syscheckd: INFO: ignoring:
'C:\WINDOWS/system32/wbem/Repository'
2022/06/26 11:37:00
ossec-syscheckd: INFO: ignoring: 'C:\WINDOWS/Prefetch'
2022/06/26
11:37:00 ossec-syscheckd: INFO: ignoring:
'C:\WINDOWS/PCHEALTH/HELPCTR/DataColl'
2022/06/26 11:37:00
ossec-syscheckd: INFO: ignoring:
'C:\WINDOWS/SoftwareDistribution'
2022/06/26 11:37:00
ossec-syscheckd: INFO: ignoring: 'C:\WINDOWS/Temp'
2022/06/26
11:37:00 ossec-syscheckd: INFO: ignoring:
'C:\WINDOWS/system32/config'
2022/06/26 11:37:00
ossec-syscheckd: INFO: ignoring:
'C:\WINDOWS/system32/spool'
2022/06/26 11:37:00 ossec-syscheckd:
INFO: ignoring: 'C:\WINDOWS/system32/CatRoot'
2022/06/26
11:37:02 ossec-logcollector(1950): INFO: Analyzing file:
'/var/log/auth.log'.
2022/06/26 11:37:02
ossec-logcollector(1950): INFO: Analyzing file:
'/var/log/syslog'.
2022/06/26 11:37:02 ossec-logcollector(1950):
INFO: Analyzing file: '/var/log/dpkg.log'.
2022/06/26 11:37:02
ossec-logcollector(1950): INFO: Analyzing file:
'/var/log/apache2/error.log'.
2022/06/26 11:37:02
ossec-logcollector(1950): INFO: Analyzing file:
'/var/log/apache2/access.log'.
2022/06/26 11:37:02
ossec-logcollector: INFO: Monitoring output of command(360): df
-P
2022/06/26 11:37:02 ossec-logcollector: INFO: Monitoring full
output of command(360): netstat -tan |grep LISTEN |egrep -v
'(127.0.0.1| ::1)' | sort
2022/06/26 11:37:02
ossec-logcollector: INFO: Monitoring full output of command(360):
last -n 5
2022/06/26 11:37:02 ossec-logcollector: INFO: Started
(pid: 916).
2022/06/26 11:38:01 ossec-syscheckd: INFO: Starting
syscheck scan (forwarding database).
2022/06/26 11:38:01
ossec-syscheckd: INFO: Starting syscheck database
(pre-scan).
2022/06/26 11:53:39 ossec-syscheckd: INFO: Finished
creating syscheck database (pre-scan completed).
2022/06/26
11:53:51 ossec-syscheckd: INFO: Ending syscheck scan (forwarding
database).
2022/06/26 11:54:11 rootcheck: INFO: Starting
rootcheck scan.
2022/06/26 11:55:47 ossec-remoted(1213): WARN:
Message from '192.168.ccc.ddd' not allowed.
2022/06/26 11:55:53
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/26 11:55:57 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/26 11:56:02
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/26 11:56:08 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/26 12:06:54
rootcheck: INFO: Ending rootcheck scan.
2022/06/26 12:57:40
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/26 12:57:46 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/26 12:57:50
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/26 12:57:55 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/26 12:58:01
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/26 21:28:02 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/26 21:28:08
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/26 21:28:12 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/26 21:28:17
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/26 21:28:23 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/26 22:30:49
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/26 22:30:55 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/26 22:31:00
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/26 22:31:05 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/26 22:31:11
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/27 08:11:54 rootcheck: INFO: Starting rootcheck
scan.
2022/06/27 08:24:24 rootcheck: INFO: Ending rootcheck
scan.
2022/06/27 08:45:53 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/27 08:45:59
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/27 08:46:03 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/27 08:46:08
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/27 08:46:14 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/27 09:49:16
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/27 09:49:22 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/27 09:49:26
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/27 09:49:31 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/27 09:49:37
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/27 09:54:24 ossec-syscheckd: INFO: Starting
syscheck scan.
2022/06/27 10:10:11 ossec-syscheckd: INFO: Ending
syscheck scan.
2022/06/27 10:52:57 ossec-remoted(1213): WARN:
Message from '192.168.ccc.ddd' not allowed.
2022/06/27 10:53:03
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/27 10:53:07 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/27 10:53:12
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/27 10:53:18 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/27 14:23:43
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/27 14:23:49 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/27 14:23:53
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/27 14:23:58 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/27 14:24:04
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/27 14:25:29 ossec-monitord(1225): INFO: SIGNAL
[(15)-(Terminated)] Received. Exit Cleaning...
2022/06/27
14:25:29 ossec-logcollector(1225): INFO: SIGNAL [(15)-(Terminated)]
Received. Exit Cleaning...
2022/06/27 14:25:29
ossec-remoted(1225): INFO: SIGNAL [(15)-(Terminated)] Received. Exit
Cleaning...
2022/06/27 14:25:29 ossec-syscheckd(1225): INFO:
SIGNAL [(15)-(Terminated)] Received. Exit Cleaning...
2022/06/27
14:25:30 ossec-analysisd(1225): INFO: SIGNAL [(15)-(Terminated)]
Received. Exit Cleaning...
2022/06/27 14:25:31 ossec-testrule:
INFO: Reading local decoder file.
2022/06/27 14:25:31
ossec-testrule: INFO: Started (pid: 19375).
2022/06/27 14:25:31
ossec-execd(1350): INFO: Active response disabled.
Exiting.
2022/06/27 14:25:31 ossec-remoted: INFO: Started (pid:
19400).
2022/06/27 14:25:31 ossec-remoted(1501): ERROR: No IP or
network allowed in the access list for syslog. No reason for running
it. Exiting.
2022/06/27 14:25:31 IPv6: :: on port
1514
2022/06/27 14:25:31 Socket bound for IPv6: :: on port
1514
2022/06/27 14:25:31 ossec-remoted: INFO: Started (pid:
19403).
2022/06/27 14:25:31 ossec-analysisd: INFO: Reading local
decoder file.
2022/06/27 14:25:31 ossec-analysisd: INFO: Reading
rules file: 'rules_config.xml'
2022/06/27 14:25:31
ossec-analysisd: INFO: Reading rules file: 'pam_rules.xml'
2022/06/27
14:25:31 ossec-analysisd: INFO: Reading rules file:
'sshd_rules.xml'
2022/06/27 14:25:31 ossec-analysisd: INFO:
Reading rules file: 'telnetd_rules.xml'
2022/06/27 14:25:31
ossec-analysisd: INFO: Reading rules file:
'syslog_rules.xml'
2022/06/27 14:25:31 ossec-analysisd: INFO:
Reading rules file: 'arpwatch_rules.xml'
2022/06/27 14:25:31
ossec-analysisd: INFO: Reading rules file:
'symantec-av_rules.xml'
2022/06/27 14:25:31 ossec-analysisd:
INFO: Reading rules file: 'symantec-ws_rules.xml'
2022/06/27
14:25:31 ossec-analysisd: INFO: Reading rules file:
'pix_rules.xml'
2022/06/27 14:25:31 ossec-analysisd: INFO:
Reading rules file: 'named_rules.xml'
2022/06/27 14:25:31
ossec-analysisd: INFO: Reading rules file:
'smbd_rules.xml'
2022/06/27 14:25:31 ossec-analysisd: INFO:
Reading rules file: 'vsftpd_rules.xml'
2022/06/27 14:25:31
ossec-analysisd: INFO: Reading rules file:
'pure-ftpd_rules.xml'
2022/06/27 14:25:31 ossec-analysisd: INFO:
Reading rules file: 'proftpd_rules.xml'
2022/06/27 14:25:31
ossec-analysisd: INFO: Reading rules file:
'ms_ftpd_rules.xml'
2022/06/27 14:25:31 ossec-analysisd: INFO:
Reading rules file: 'ftpd_rules.xml'
2022/06/27 14:25:31
ossec-analysisd: INFO: Reading rules file:
'hordeimp_rules.xml'
2022/06/27 14:25:31 ossec-analysisd: INFO:
Reading rules file: 'roundcube_rules.xml'
2022/06/27 14:25:31
ossec-analysisd: INFO: Reading rules file:
'wordpress_rules.xml'
2022/06/27 14:25:31 ossec-analysisd: INFO:
Reading rules file: 'cimserver_rules.xml'
2022/06/27 14:25:31
ossec-analysisd: INFO: Reading rules file:
'vpopmail_rules.xml'
2022/06/27 14:25:31 ossec-analysisd: INFO:
Reading rules file: 'vmpop3d_rules.xml'
2022/06/27 14:25:31
ossec-analysisd: INFO: Reading rules file:
'courier_rules.xml'
2022/06/27 14:25:31 ossec-analysisd: INFO:
Reading rules file: 'web_rules.xml'
2022/06/27 14:25:31
ossec-analysisd: INFO: Reading rules file:
'web_appsec_rules.xml'
2022/06/27 14:25:31 ossec-analysisd:
INFO: Reading rules file: 'apache_rules.xml'
2022/06/27 14:25:31
ossec-analysisd: INFO: Reading rules file:
'nginx_rules.xml'
2022/06/27 14:25:31 ossec-analysisd: INFO:
Reading rules file: 'php_rules.xml'
2022/06/27 14:25:31
ossec-analysisd: INFO: Reading rules file:
'mysql_rules.xml'
2022/06/27 14:25:31 ossec-analysisd: INFO:
Reading rules file: 'postgresql_rules.xml'
2022/06/27 14:25:31
ossec-analysisd: INFO: Reading rules file: 'ids_rules.xml'
2022/06/27
14:25:31 ossec-analysisd: INFO: Reading rules file:
'squid_rules.xml'
2022/06/27 14:25:31 ossec-analysisd: INFO:
Reading rules file: 'firewall_rules.xml'
2022/06/27 14:25:31
ossec-analysisd: INFO: Reading rules file:
'apparmor_rules.xml'
2022/06/27 14:25:31 ossec-analysisd: INFO:
Reading rules file: 'cisco-ios_rules.xml'
2022/06/27 14:25:31
ossec-analysisd: INFO: Reading rules file:
'netscreenfw_rules.xml'
2022/06/27 14:25:31 ossec-analysisd:
INFO: Reading rules file: 'sonicwall_rules.xml'
2022/06/27
14:25:31 ossec-analysisd: INFO: Reading rules file:
'postfix_rules.xml'
2022/06/27 14:25:31 ossec-analysisd: INFO:
Reading rules file: 'sendmail_rules.xml'
2022/06/27 14:25:31
ossec-analysisd: INFO: Reading rules file:
'imapd_rules.xml'
2022/06/27 14:25:31 ossec-analysisd: INFO:
Reading rules file: 'mailscanner_rules.xml'
2022/06/27 14:25:31
ossec-analysisd: INFO: Reading rules file:
'dovecot_rules.xml'
2022/06/27 14:25:31 ossec-analysisd: INFO:
Reading rules file: 'ms-exchange_rules.xml'
2022/06/27 14:25:31
ossec-analysisd: INFO: Reading rules file:
'racoon_rules.xml'
2022/06/27 14:25:31 ossec-analysisd: INFO:
Reading rules file: 'vpn_concentrator_rules.xml'
2022/06/27
14:25:31 ossec-analysisd: INFO: Reading rules file:
'spamd_rules.xml'
2022/06/27 14:25:31 ossec-analysisd: INFO:
Reading rules file: 'msauth_rules.xml'
2022/06/27 14:25:31
ossec-analysisd: INFO: Reading rules file:
'mcafee_av_rules.xml'
2022/06/27 14:25:31 ossec-analysisd: INFO:
Reading rules file: 'trend-osce_rules.xml'
2022/06/27 14:25:31
ossec-analysisd: INFO: Reading rules file:
'ms-se_rules.xml'
2022/06/27 14:25:31 ossec-analysisd: INFO:
Reading rules file: 'zeus_rules.xml'
2022/06/27 14:25:31
ossec-analysisd: INFO: Reading rules file:
'solaris_bsm_rules.xml'
2022/06/27 14:25:31 ossec-analysisd:
INFO: Reading rules file: 'vmware_rules.xml'
2022/06/27 14:25:31
ossec-analysisd: INFO: Reading rules file:
'ms_dhcp_rules.xml'
2022/06/27 14:25:31 ossec-analysisd: INFO:
Reading rules file: 'asterisk_rules.xml'
2022/06/27 14:25:31
ossec-analysisd: INFO: Reading rules file:
'ossec_rules.xml'
2022/06/27 14:25:31 ossec-analysisd: INFO:
Reading rules file: 'attack_rules.xml'
2022/06/27 14:25:31
ossec-analysisd: INFO: Reading rules file:
'openbsd_rules.xml'
2022/06/27 14:25:31 ossec-analysisd: INFO:
Reading rules file: 'clam_av_rules.xml'
2022/06/27 14:25:31
ossec-analysisd: INFO: Reading rules file:
'dropbear_rules.xml'
2022/06/27 14:25:31 ossec-analysisd: INFO:
Reading rules file: 'sysmon_rules.xml'
2022/06/27 14:25:31
ossec-analysisd: INFO: Reading rules file:
'opensmtpd_rules.xml'
2022/06/27 14:25:31 ossec-analysisd: INFO:
Reading rules file: 'exim_rules.xml'
2022/06/27 14:25:31
ossec-analysisd: INFO: Reading rules file:
'openbsd-dhcpd_rules.xml'
2022/06/27 14:25:31 ossec-analysisd:
INFO: Reading rules file: 'dnsmasq_rules.xml'
2022/06/27
14:25:31 ossec-analysisd: INFO: Reading rules file:
'nsd_rules.xml'
2022/06/27 14:25:31 ossec-analysisd: INFO:
Reading rules file: 'local_rules.xml'
2022/06/27 14:25:31
ossec-analysisd: INFO: Total rules enabled: '1606'
2022/06/27
14:25:31 ossec-analysisd: INFO: Ignoring file: '/etc/mtab'
2022/06/27
14:25:31 ossec-analysisd: INFO: Ignoring file:
'/etc/mnttab'
2022/06/27 14:25:31 ossec-analysisd: INFO:
Ignoring file: '/etc/hosts.deny'
2022/06/27 14:25:31
ossec-analysisd: INFO: Ignoring file:
'/etc/mail/statistics'
2022/06/27 14:25:31 ossec-analysisd:
INFO: Ignoring file: '/etc/random-seed'
2022/06/27 14:25:31
ossec-analysisd: INFO: Ignoring file: '/etc/adjtime'
2022/06/27
14:25:31 ossec-analysisd: INFO: Ignoring file:
'/etc/httpd/logs'
2022/06/27 14:25:31 ossec-analysisd: INFO:
Ignoring file: '/etc/utmpx'
2022/06/27 14:25:31 ossec-analysisd:
INFO: Ignoring file: '/etc/wtmpx'
2022/06/27 14:25:31
ossec-analysisd: INFO: Ignoring file: '/etc/cups/certs'
2022/06/27
14:25:31 ossec-analysisd: INFO: Ignoring file:
'/etc/dumpdates'
2022/06/27 14:25:31 ossec-analysisd: INFO:
Ignoring file: '/etc/svc/volatile'
2022/06/27 14:25:31
ossec-analysisd: INFO: Ignoring file:
'C:\WINDOWS/System32/LogFiles'
2022/06/27 14:25:31
ossec-analysisd: INFO: Ignoring file: 'C:\WINDOWS/Debug'
2022/06/27
14:25:31 ossec-analysisd: INFO: Ignoring file:
'C:\WINDOWS/WindowsUpdate.log'
2022/06/27 14:25:31
ossec-analysisd: INFO: Ignoring file:
'C:\WINDOWS/iis6.log'
2022/06/27 14:25:31 ossec-analysisd: INFO:
Ignoring file: 'C:\WINDOWS/system32/wbem/Logs'
2022/06/27
14:25:31 ossec-analysisd: INFO: Ignoring file:
'C:\WINDOWS/system32/wbem/Repository'
2022/06/27 14:25:31
ossec-analysisd: INFO: Ignoring file:
'C:\WINDOWS/Prefetch'
2022/06/27 14:25:31 ossec-analysisd: INFO:
Ignoring file: 'C:\WINDOWS/PCHEALTH/HELPCTR/DataColl'
2022/06/27
14:25:31 ossec-analysisd: INFO: Ignoring file:
'C:\WINDOWS/SoftwareDistribution'
2022/06/27 14:25:31
ossec-analysisd: INFO: Ignoring file: 'C:\WINDOWS/Temp'
2022/06/27
14:25:31 ossec-analysisd: INFO: Ignoring file:
'C:\WINDOWS/system32/config'
2022/06/27 14:25:31
ossec-analysisd: INFO: Ignoring file:
'C:\WINDOWS/system32/spool'
2022/06/27 14:25:31 ossec-analysisd:
INFO: Ignoring file: 'C:\WINDOWS/system32/CatRoot'
2022/06/27
14:25:31 ossec-analysisd: INFO: Started (pid: 19392).
2022/06/27
14:25:32 ossec-remoted(4111): INFO: Maximum number of agents allowed:
'2048'.
2022/06/27 14:25:32 ossec-remoted(1410): INFO: Reading
authentication keys file.
2022/06/27 14:25:32 ossec-remoted:
INFO: No previous counter available for 'D-XPS-WIN10'.
2022/06/27
14:25:32 ossec-remoted: INFO: Assigning counter for agent
D-XPS-WIN10: '0:0'.
2022/06/27 14:25:32 ossec-remoted: INFO: No
previous sender counter.
2022/06/27 14:25:32 ossec-remoted:
INFO: Assigning sender counter: 0:0
2022/06/27 14:25:32
ossec-monitord: INFO: Started (pid: 19413).
2022/06/27 14:25:36
ossec-syscheckd: INFO: Started (pid: 19409).
2022/06/27 14:25:36
ossec-rootcheck: INFO: Started (pid: 19409).
2022/06/27 14:25:36
ossec-syscheckd: INFO: Monitoring directory: '/etc', with options
perm | size | owner | group | md5sum | sha1sum.
2022/06/27
14:25:36 ossec-syscheckd: INFO: Monitoring directory: '/usr/bin',
with options perm | size | owner | group | md5sum |
sha1sum.
2022/06/27 14:25:36 ossec-syscheckd: INFO: Monitoring
directory: '/usr/sbin', with options perm | size | owner | group |
md5sum | sha1sum.
2022/06/27 14:25:36 ossec-syscheckd: INFO:
Monitoring directory: '/bin', with options perm | size | owner |
group | md5sum | sha1sum.
2022/06/27 14:25:36 ossec-syscheckd:
INFO: Monitoring directory: '/sbin', with options perm | size | owner
| group | md5sum | sha1sum.
2022/06/27 14:25:36 ossec-syscheckd:
INFO: Monitoring directory: '/boot', with options perm | size | owner
| group | md5sum | sha1sum.
2022/06/27 14:25:36 ossec-syscheckd:
INFO: ignoring: '/etc/mtab'
2022/06/27 14:25:36 ossec-syscheckd:
INFO: ignoring: '/etc/mnttab'
2022/06/27 14:25:36
ossec-syscheckd: INFO: ignoring: '/etc/hosts.deny'
2022/06/27
14:25:36 ossec-syscheckd: INFO: ignoring:
'/etc/mail/statistics'
2022/06/27 14:25:36 ossec-syscheckd:
INFO: ignoring: '/etc/random-seed'
2022/06/27 14:25:36
ossec-syscheckd: INFO: ignoring: '/etc/adjtime'
2022/06/27
14:25:36 ossec-syscheckd: INFO: ignoring:
'/etc/httpd/logs'
2022/06/27 14:25:36 ossec-syscheckd: INFO:
ignoring: '/etc/utmpx'
2022/06/27 14:25:36 ossec-syscheckd:
INFO: ignoring: '/etc/wtmpx'
2022/06/27 14:25:36
ossec-syscheckd: INFO: ignoring: '/etc/cups/certs'
2022/06/27
14:25:36 ossec-syscheckd: INFO: ignoring: '/etc/dumpdates'
2022/06/27
14:25:36 ossec-syscheckd: INFO: ignoring:
'/etc/svc/volatile'
2022/06/27 14:25:36 ossec-syscheckd: INFO:
ignoring: 'C:\WINDOWS/System32/LogFiles'
2022/06/27 14:25:36
ossec-syscheckd: INFO: ignoring: 'C:\WINDOWS/Debug'
2022/06/27
14:25:36 ossec-syscheckd: INFO: ignoring:
'C:\WINDOWS/WindowsUpdate.log'
2022/06/27 14:25:36
ossec-syscheckd: INFO: ignoring: 'C:\WINDOWS/iis6.log'
2022/06/27
14:25:36 ossec-syscheckd: INFO: ignoring:
'C:\WINDOWS/system32/wbem/Logs'
2022/06/27 14:25:36
ossec-syscheckd: INFO: ignoring:
'C:\WINDOWS/system32/wbem/Repository'
2022/06/27 14:25:36
ossec-syscheckd: INFO: ignoring: 'C:\WINDOWS/Prefetch'
2022/06/27
14:25:36 ossec-syscheckd: INFO: ignoring:
'C:\WINDOWS/PCHEALTH/HELPCTR/DataColl'
2022/06/27 14:25:36
ossec-syscheckd: INFO: ignoring:
'C:\WINDOWS/SoftwareDistribution'
2022/06/27 14:25:36
ossec-syscheckd: INFO: ignoring: 'C:\WINDOWS/Temp'
2022/06/27
14:25:36 ossec-syscheckd: INFO: ignoring:
'C:\WINDOWS/system32/config'
2022/06/27 14:25:36
ossec-syscheckd: INFO: ignoring:
'C:\WINDOWS/system32/spool'
2022/06/27 14:25:36 ossec-syscheckd:
INFO: ignoring: 'C:\WINDOWS/system32/CatRoot'
2022/06/27
14:25:37 ossec-logcollector(1950): INFO: Analyzing file:
'/var/log/auth.log'.
2022/06/27 14:25:37
ossec-logcollector(1950): INFO: Analyzing file:
'/var/log/syslog'.
2022/06/27 14:25:37 ossec-logcollector(1950):
INFO: Analyzing file: '/var/log/dpkg.log'.
2022/06/27 14:25:37
ossec-logcollector(1950): INFO: Analyzing file:
'/var/log/apache2/error.log'.
2022/06/27 14:25:37
ossec-logcollector(1950): INFO: Analyzing file:
'/var/log/apache2/access.log'.
2022/06/27 14:25:37
ossec-logcollector: INFO: Monitoring output of command(360): df
-P
2022/06/27 14:25:37 ossec-logcollector: INFO: Monitoring full
output of command(360): netstat -tan |grep LISTEN |egrep -v
'(127.0.0.1| ::1)' | sort
2022/06/27 14:25:37
ossec-logcollector: INFO: Monitoring full output of command(360):
last -n 5
2022/06/27 14:25:37 ossec-logcollector: INFO: Started
(pid: 19396).
2022/06/27 14:26:38 ossec-syscheckd: INFO:
Starting syscheck scan (forwarding database).
2022/06/27
14:26:38 ossec-syscheckd: INFO: Starting syscheck database
(pre-scan).
2022/06/27 14:41:52 ossec-syscheckd: INFO: Finished
creating syscheck database (pre-scan completed).
2022/06/27
14:42:04 ossec-syscheckd: INFO: Ending syscheck scan (forwarding
database).
2022/06/27 14:42:24 rootcheck: INFO: Starting
rootcheck scan.
2022/06/27 14:56:40 rootcheck: INFO: Ending
rootcheck scan.
2022/06/27 15:28:00 ossec-remoted(1213): WARN:
Message from '192.168.ccc.ddd' not allowed.
2022/06/27 15:28:06
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/27 15:28:10 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/27 15:28:15
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/27 15:28:21 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/27 16:40:30
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/27 16:40:36 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/27 16:40:40
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/27 16:40:45 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/27 16:40:51
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/27 19:22:46 ossec-monitord(1225): INFO: SIGNAL
[(15)-(Terminated)] Received. Exit Cleaning...
2022/06/27
19:22:46 ossec-logcollector(1225): INFO: SIGNAL [(15)-(Terminated)]
Received. Exit Cleaning...
2022/06/27 19:22:46
ossec-remoted(1225): INFO: SIGNAL [(15)-(Terminated)] Received. Exit
Cleaning...
2022/06/27 19:22:46 ossec-syscheckd(1225): INFO:
SIGNAL [(15)-(Terminated)] Received. Exit Cleaning...
2022/06/27
19:22:46 ossec-analysisd(1225): INFO: SIGNAL [(15)-(Terminated)]
Received. Exit Cleaning...
2022/06/27 19:22:47 ossec-testrule:
INFO: Reading local decoder file.
2022/06/27 19:22:47
ossec-testrule: INFO: Started (pid: 23424).
2022/06/27 19:22:47
ossec-execd(1350): INFO: Active response disabled.
Exiting.
2022/06/27 19:22:47 ossec-remoted: INFO: Started (pid:
23449).
2022/06/27 19:22:47 ossec-remoted(1501): ERROR: No IP or
network allowed in the access list for syslog. No reason for running
it. Exiting.
2022/06/27 19:22:47 IPv6: :: on port
1514
2022/06/27 19:22:47 Socket bound for IPv6: :: on port
1514
2022/06/27 19:22:47 ossec-remoted: INFO: Started (pid:
23452).
2022/06/27 19:22:47 ossec-analysisd: INFO: Reading local
decoder file.
2022/06/27 19:22:47 ossec-analysisd: INFO: Reading
rules file: 'rules_config.xml'
2022/06/27 19:22:47
ossec-analysisd: INFO: Reading rules file: 'pam_rules.xml'
2022/06/27
19:22:47 ossec-analysisd: INFO: Reading rules file:
'sshd_rules.xml'
2022/06/27 19:22:47 ossec-analysisd: INFO:
Reading rules file: 'telnetd_rules.xml'
2022/06/27 19:22:47
ossec-analysisd: INFO: Reading rules file:
'syslog_rules.xml'
2022/06/27 19:22:47 ossec-analysisd: INFO:
Reading rules file: 'arpwatch_rules.xml'
2022/06/27 19:22:47
ossec-analysisd: INFO: Reading rules file:
'symantec-av_rules.xml'
2022/06/27 19:22:47 ossec-analysisd:
INFO: Reading rules file: 'symantec-ws_rules.xml'
2022/06/27
19:22:47 ossec-analysisd: INFO: Reading rules file:
'pix_rules.xml'
2022/06/27 19:22:47 ossec-analysisd: INFO:
Reading rules file: 'named_rules.xml'
2022/06/27 19:22:47
ossec-analysisd: INFO: Reading rules file:
'smbd_rules.xml'
2022/06/27 19:22:47 ossec-analysisd: INFO:
Reading rules file: 'vsftpd_rules.xml'
2022/06/27 19:22:47
ossec-analysisd: INFO: Reading rules file:
'pure-ftpd_rules.xml'
2022/06/27 19:22:47 ossec-analysisd: INFO:
Reading rules file: 'proftpd_rules.xml'
2022/06/27 19:22:47
ossec-analysisd: INFO: Reading rules file:
'ms_ftpd_rules.xml'
2022/06/27 19:22:47 ossec-analysisd: INFO:
Reading rules file: 'ftpd_rules.xml'
2022/06/27 19:22:47
ossec-analysisd: INFO: Reading rules file:
'hordeimp_rules.xml'
2022/06/27 19:22:47 ossec-analysisd: INFO:
Reading rules file: 'roundcube_rules.xml'
2022/06/27 19:22:47
ossec-analysisd: INFO: Reading rules file:
'wordpress_rules.xml'
2022/06/27 19:22:47 ossec-analysisd: INFO:
Reading rules file: 'cimserver_rules.xml'
2022/06/27 19:22:47
ossec-analysisd: INFO: Reading rules file:
'vpopmail_rules.xml'
2022/06/27 19:22:47 ossec-analysisd: INFO:
Reading rules file: 'vmpop3d_rules.xml'
2022/06/27 19:22:47
ossec-analysisd: INFO: Reading rules file:
'courier_rules.xml'
2022/06/27 19:22:47 ossec-analysisd: INFO:
Reading rules file: 'web_rules.xml'
2022/06/27 19:22:47
ossec-analysisd: INFO: Reading rules file:
'web_appsec_rules.xml'
2022/06/27 19:22:47 ossec-analysisd:
INFO: Reading rules file: 'apache_rules.xml'
2022/06/27 19:22:47
ossec-analysisd: INFO: Reading rules file:
'nginx_rules.xml'
2022/06/27 19:22:47 ossec-analysisd: INFO:
Reading rules file: 'php_rules.xml'
2022/06/27 19:22:47
ossec-analysisd: INFO: Reading rules file:
'mysql_rules.xml'
2022/06/27 19:22:47 ossec-analysisd: INFO:
Reading rules file: 'postgresql_rules.xml'
2022/06/27 19:22:47
ossec-analysisd: INFO: Reading rules file: 'ids_rules.xml'
2022/06/27
19:22:47 ossec-analysisd: INFO: Reading rules file:
'squid_rules.xml'
2022/06/27 19:22:47 ossec-analysisd: INFO:
Reading rules file: 'firewall_rules.xml'
2022/06/27 19:22:47
ossec-analysisd: INFO: Reading rules file:
'apparmor_rules.xml'
2022/06/27 19:22:47 ossec-analysisd: INFO:
Reading rules file: 'cisco-ios_rules.xml'
2022/06/27 19:22:47
ossec-analysisd: INFO: Reading rules file:
'netscreenfw_rules.xml'
2022/06/27 19:22:47 ossec-analysisd:
INFO: Reading rules file: 'sonicwall_rules.xml'
2022/06/27
19:22:47 ossec-analysisd: INFO: Reading rules file:
'postfix_rules.xml'
2022/06/27 19:22:47 ossec-analysisd: INFO:
Reading rules file: 'sendmail_rules.xml'
2022/06/27 19:22:47
ossec-analysisd: INFO: Reading rules file:
'imapd_rules.xml'
2022/06/27 19:22:47 ossec-analysisd: INFO:
Reading rules file: 'mailscanner_rules.xml'
2022/06/27 19:22:47
ossec-analysisd: INFO: Reading rules file:
'dovecot_rules.xml'
2022/06/27 19:22:47 ossec-analysisd: INFO:
Reading rules file: 'ms-exchange_rules.xml'
2022/06/27 19:22:47
ossec-analysisd: INFO: Reading rules file:
'racoon_rules.xml'
2022/06/27 19:22:47 ossec-analysisd: INFO:
Reading rules file: 'vpn_concentrator_rules.xml'
2022/06/27
19:22:47 ossec-analysisd: INFO: Reading rules file:
'spamd_rules.xml'
2022/06/27 19:22:47 ossec-analysisd: INFO:
Reading rules file: 'msauth_rules.xml'
2022/06/27 19:22:47
ossec-analysisd: INFO: Reading rules file:
'mcafee_av_rules.xml'
2022/06/27 19:22:47 ossec-analysisd: INFO:
Reading rules file: 'trend-osce_rules.xml'
2022/06/27 19:22:47
ossec-analysisd: INFO: Reading rules file:
'ms-se_rules.xml'
2022/06/27 19:22:47 ossec-analysisd: INFO:
Reading rules file: 'zeus_rules.xml'
2022/06/27 19:22:47
ossec-analysisd: INFO: Reading rules file:
'solaris_bsm_rules.xml'
2022/06/27 19:22:47 ossec-analysisd:
INFO: Reading rules file: 'vmware_rules.xml'
2022/06/27 19:22:47
ossec-analysisd: INFO: Reading rules file:
'ms_dhcp_rules.xml'
2022/06/27 19:22:47 ossec-analysisd: INFO:
Reading rules file: 'asterisk_rules.xml'
2022/06/27 19:22:47
ossec-analysisd: INFO: Reading rules file:
'ossec_rules.xml'
2022/06/27 19:22:47 ossec-analysisd: INFO:
Reading rules file: 'attack_rules.xml'
2022/06/27 19:22:47
ossec-analysisd: INFO: Reading rules file:
'openbsd_rules.xml'
2022/06/27 19:22:47 ossec-analysisd: INFO:
Reading rules file: 'clam_av_rules.xml'
2022/06/27 19:22:47
ossec-analysisd: INFO: Reading rules file:
'dropbear_rules.xml'
2022/06/27 19:22:47 ossec-analysisd: INFO:
Reading rules file: 'sysmon_rules.xml'
2022/06/27 19:22:47
ossec-analysisd: INFO: Reading rules file:
'opensmtpd_rules.xml'
2022/06/27 19:22:47 ossec-analysisd: INFO:
Reading rules file: 'exim_rules.xml'
2022/06/27 19:22:47
ossec-analysisd: INFO: Reading rules file:
'openbsd-dhcpd_rules.xml'
2022/06/27 19:22:47 ossec-analysisd:
INFO: Reading rules file: 'dnsmasq_rules.xml'
2022/06/27
19:22:47 ossec-analysisd: INFO: Reading rules file:
'nsd_rules.xml'
2022/06/27 19:22:47 ossec-analysisd: INFO:
Reading rules file: 'local_rules.xml'
2022/06/27 19:22:47
ossec-analysisd: INFO: Total rules enabled: '1606'
2022/06/27
19:22:47 ossec-analysisd: INFO: Ignoring file: '/etc/mtab'
2022/06/27
19:22:47 ossec-analysisd: INFO: Ignoring file:
'/etc/mnttab'
2022/06/27 19:22:47 ossec-analysisd: INFO:
Ignoring file: '/etc/hosts.deny'
2022/06/27 19:22:47
ossec-analysisd: INFO: Ignoring file:
'/etc/mail/statistics'
2022/06/27 19:22:47 ossec-analysisd:
INFO: Ignoring file: '/etc/random-seed'
2022/06/27 19:22:47
ossec-analysisd: INFO: Ignoring file: '/etc/adjtime'
2022/06/27
19:22:47 ossec-analysisd: INFO: Ignoring file:
'/etc/httpd/logs'
2022/06/27 19:22:47 ossec-analysisd: INFO:
Ignoring file: '/etc/utmpx'
2022/06/27 19:22:47 ossec-analysisd:
INFO: Ignoring file: '/etc/wtmpx'
2022/06/27 19:22:47
ossec-analysisd: INFO: Ignoring file: '/etc/cups/certs'
2022/06/27
19:22:47 ossec-analysisd: INFO: Ignoring file:
'/etc/dumpdates'
2022/06/27 19:22:47 ossec-analysisd: INFO:
Ignoring file: '/etc/svc/volatile'
2022/06/27 19:22:47
ossec-analysisd: INFO: Ignoring file:
'C:\WINDOWS/System32/LogFiles'
2022/06/27 19:22:47
ossec-analysisd: INFO: Ignoring file: 'C:\WINDOWS/Debug'
2022/06/27
19:22:47 ossec-analysisd: INFO: Ignoring file:
'C:\WINDOWS/WindowsUpdate.log'
2022/06/27 19:22:47
ossec-analysisd: INFO: Ignoring file:
'C:\WINDOWS/iis6.log'
2022/06/27 19:22:47 ossec-analysisd: INFO:
Ignoring file: 'C:\WINDOWS/system32/wbem/Logs'
2022/06/27
19:22:47 ossec-analysisd: INFO: Ignoring file:
'C:\WINDOWS/system32/wbem/Repository'
2022/06/27 19:22:47
ossec-analysisd: INFO: Ignoring file:
'C:\WINDOWS/Prefetch'
2022/06/27 19:22:47 ossec-analysisd: INFO:
Ignoring file: 'C:\WINDOWS/PCHEALTH/HELPCTR/DataColl'
2022/06/27
19:22:47 ossec-analysisd: INFO: Ignoring file:
'C:\WINDOWS/SoftwareDistribution'
2022/06/27 19:22:47
ossec-analysisd: INFO: Ignoring file: 'C:\WINDOWS/Temp'
2022/06/27
19:22:47 ossec-analysisd: INFO: Ignoring file:
'C:\WINDOWS/system32/config'
2022/06/27 19:22:47
ossec-analysisd: INFO: Ignoring file:
'C:\WINDOWS/system32/spool'
2022/06/27 19:22:47 ossec-analysisd:
INFO: Ignoring file: 'C:\WINDOWS/system32/CatRoot'
2022/06/27
19:22:47 ossec-analysisd: INFO: Started (pid: 23441).
2022/06/27
19:22:48 ossec-monitord: INFO: Started (pid: 23461).
2022/06/27
19:22:48 ossec-remoted(4111): INFO: Maximum number of agents allowed:
'2048'.
2022/06/27 19:22:48 ossec-remoted(1410): INFO: Reading
authentication keys file.
2022/06/27 19:22:48 ossec-remoted:
INFO: No previous counter available for 'D-XPS-WIN10'.
2022/06/27
19:22:48 ossec-remoted: INFO: Assigning counter for agent
D-XPS-WIN10: '0:0'.
2022/06/27 19:22:48 ossec-remoted: INFO: No
previous sender counter.
2022/06/27 19:22:48 ossec-remoted:
INFO: Assigning sender counter: 0:0
2022/06/27 19:22:52
ossec-syscheckd: INFO: Started (pid: 23457).
2022/06/27 19:22:52
ossec-rootcheck: INFO: Started (pid: 23457).
2022/06/27 19:22:52
ossec-syscheckd: INFO: Monitoring directory: '/etc', with options
perm | size | owner | group | md5sum | sha1sum.
2022/06/27
19:22:52 ossec-syscheckd: INFO: Monitoring directory: '/usr/bin',
with options perm | size | owner | group | md5sum |
sha1sum.
2022/06/27 19:22:52 ossec-syscheckd: INFO: Monitoring
directory: '/usr/sbin', with options perm | size | owner | group |
md5sum | sha1sum.
2022/06/27 19:22:52 ossec-syscheckd: INFO:
Monitoring directory: '/bin', with options perm | size | owner |
group | md5sum | sha1sum.
2022/06/27 19:22:52 ossec-syscheckd:
INFO: Monitoring directory: '/sbin', with options perm | size | owner
| group | md5sum | sha1sum.
2022/06/27 19:22:52 ossec-syscheckd:
INFO: Monitoring directory: '/boot', with options perm | size | owner
| group | md5sum | sha1sum.
2022/06/27 19:22:52 ossec-syscheckd:
INFO: ignoring: '/etc/mtab'
2022/06/27 19:22:52 ossec-syscheckd:
INFO: ignoring: '/etc/mnttab'
2022/06/27 19:22:52
ossec-syscheckd: INFO: ignoring: '/etc/hosts.deny'
2022/06/27
19:22:52 ossec-syscheckd: INFO: ignoring:
'/etc/mail/statistics'
2022/06/27 19:22:52 ossec-syscheckd:
INFO: ignoring: '/etc/random-seed'
2022/06/27 19:22:52
ossec-syscheckd: INFO: ignoring: '/etc/adjtime'
2022/06/27
19:22:52 ossec-syscheckd: INFO: ignoring:
'/etc/httpd/logs'
2022/06/27 19:22:52 ossec-syscheckd: INFO:
ignoring: '/etc/utmpx'
2022/06/27 19:22:52 ossec-syscheckd:
INFO: ignoring: '/etc/wtmpx'
2022/06/27 19:22:52
ossec-syscheckd: INFO: ignoring: '/etc/cups/certs'
2022/06/27
19:22:52 ossec-syscheckd: INFO: ignoring: '/etc/dumpdates'
2022/06/27
19:22:52 ossec-syscheckd: INFO: ignoring:
'/etc/svc/volatile'
2022/06/27 19:22:52 ossec-syscheckd: INFO:
ignoring: 'C:\WINDOWS/System32/LogFiles'
2022/06/27 19:22:52
ossec-syscheckd: INFO: ignoring: 'C:\WINDOWS/Debug'
2022/06/27
19:22:52 ossec-syscheckd: INFO: ignoring:
'C:\WINDOWS/WindowsUpdate.log'
2022/06/27 19:22:52
ossec-syscheckd: INFO: ignoring: 'C:\WINDOWS/iis6.log'
2022/06/27
19:22:52 ossec-syscheckd: INFO: ignoring:
'C:\WINDOWS/system32/wbem/Logs'
2022/06/27 19:22:52
ossec-syscheckd: INFO: ignoring:
'C:\WINDOWS/system32/wbem/Repository'
2022/06/27 19:22:52
ossec-syscheckd: INFO: ignoring: 'C:\WINDOWS/Prefetch'
2022/06/27
19:22:52 ossec-syscheckd: INFO: ignoring:
'C:\WINDOWS/PCHEALTH/HELPCTR/DataColl'
2022/06/27 19:22:52
ossec-syscheckd: INFO: ignoring:
'C:\WINDOWS/SoftwareDistribution'
2022/06/27 19:22:52
ossec-syscheckd: INFO: ignoring: 'C:\WINDOWS/Temp'
2022/06/27
19:22:52 ossec-syscheckd: INFO: ignoring:
'C:\WINDOWS/system32/config'
2022/06/27 19:22:52
ossec-syscheckd: INFO: ignoring:
'C:\WINDOWS/system32/spool'
2022/06/27 19:22:52 ossec-syscheckd:
INFO: ignoring: 'C:\WINDOWS/system32/CatRoot'
2022/06/27
19:22:53 ossec-logcollector(1950): INFO: Analyzing file:
'/var/log/auth.log'.
2022/06/27 19:22:53
ossec-logcollector(1950): INFO: Analyzing file:
'/var/log/syslog'.
2022/06/27 19:22:53 ossec-logcollector(1950):
INFO: Analyzing file: '/var/log/dpkg.log'.
2022/06/27 19:22:53
ossec-logcollector(1950): INFO: Analyzing file:
'/var/log/apache2/error.log'.
2022/06/27 19:22:53
ossec-logcollector(1950): INFO: Analyzing file:
'/var/log/apache2/access.log'.
2022/06/27 19:22:53
ossec-logcollector: INFO: Monitoring output of command(360): df
-P
2022/06/27 19:22:53 ossec-logcollector: INFO: Monitoring full
output of command(360): netstat -tan |grep LISTEN |egrep -v
'(127.0.0.1| ::1)' | sort
2022/06/27 19:22:53
ossec-logcollector: INFO: Monitoring full output of command(360):
last -n 5
2022/06/27 19:22:53 ossec-logcollector: INFO: Started
(pid: 23445).
2022/06/27 19:23:54 ossec-syscheckd: INFO:
Starting syscheck scan (forwarding database).
2022/06/27
19:23:54 ossec-syscheckd: INFO: Starting syscheck database
(pre-scan).
2022/06/27 19:39:08 ossec-syscheckd: INFO: Finished
creating syscheck database (pre-scan completed).
2022/06/27
19:39:20 ossec-syscheckd: INFO: Ending syscheck scan (forwarding
database).
2022/06/27 19:39:40 rootcheck: INFO: Starting
rootcheck scan.
2022/06/27 19:53:48 rootcheck: INFO: Ending
rootcheck scan.
2022/06/27 20:09:18 ossec-remoted(1213): WARN:
Message from '192.168.ccc.ddd' not allowed.
2022/06/27 20:09:24
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/27 20:09:28 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not allowed.
2022/06/27 20:09:33
ossec-remoted(1213): WARN: Message from '192.168.ccc.ddd' not
allowed.
2022/06/27 20:09:39 ossec-remoted(1213): WARN: Message
from '192.168.ccc.ddd' not
allowed.
root-laptop:/var/ossec/logs#
###
Contents of the agent's ossec.log (Windows agent):
2022/06/16 09:46:13 ossec-agent: INFO: Service
does not exist (OssecSvc) nothing to remove.
2022/06/16
09:46:13 ossec-agent: INFO: Successfully added to the service
database.
2022/06/16 09:46:14 ossec-agent: INFO: System is
Vista or newer (Microsoft Windows 8 Business Edition Professional
(Build 9200) - OSSEC HIDS v3.7.0).
2022/06/16
10:01:18 ossec-agent: Using notify time: 600 and max time to
reconnect: 1800
2022/06/16 10:01:18 ossec-agent(1907):
INFO: Non-standard event log set: 'Windows PowerShell'.
2022/06/16
10:01:18 ossec-execd(1350): INFO: Active response disabled.
Exiting.
2022/06/16 10:01:18 ossec-agent(1410): INFO:
Reading authentication keys file.
2022/06/16 10:01:18
ossec-agentd: INFO: Trying to connect to server 192.168.yyy.zzz, port
1514.
2022/06/16 10:01:18 INFO: Connected to
192.168.yyy.zzz at address 192.168.yyy.zzz:1514, port
1514
2022/06/16 10:01:18 ossec-agent: Starting syscheckd
thread.
2022/06/16 10:01:18 ossec-rootcheck: INFO: Started
(pid: 28508).
2022/06/16 10:01:18 ossec-syscheckd: INFO:
Monitoring registry entry:
'HKEY_LOCAL_MACHINE\Software\Classes\batfile'.
2022/06/16
10:01:18 ossec-syscheckd: INFO: Monitoring registry entry:
'HKEY_LOCAL_MACHINE\Software\Classes\cmdfile'.
2022/06/16
10:01:18 ossec-syscheckd: INFO: Monitoring registry entry:
'HKEY_LOCAL_MACHINE\Software\Classes\comfile'.
2022/06/16
10:01:18 ossec-syscheckd: INFO: Monitoring registry entry:
'HKEY_LOCAL_MACHINE\Software\Classes\exefile'.
2022/06/16
10:01:18 ossec-syscheckd: INFO: Monitoring registry entry:
'HKEY_LOCAL_MACHINE\Software\Classes\piffile'.
2022/06/16
10:01:18 ossec-syscheckd: INFO: Monitoring registry entry:
'HKEY_LOCAL_MACHINE\Software\Classes\AllFilesystemObjects'.
2022/06/16
10:01:18 ossec-syscheckd: INFO: Monitoring registry entry:
'HKEY_LOCAL_MACHINE\Software\Classes\Directory'.
2022/06/16
10:01:18 ossec-syscheckd: INFO: Monitoring registry entry:
'HKEY_LOCAL_MACHINE\Software\Classes\Folder'.
2022/06/16
10:01:18 ossec-syscheckd: INFO: Monitoring registry entry:
'HKEY_LOCAL_MACHINE\Software\Classes\Protocols'.
2022/06/16
10:01:18 ossec-syscheckd: INFO: Monitoring registry entry:
'HKEY_LOCAL_MACHINE\Software\Policies'.
2022/06/16
10:01:18 ossec-syscheckd: INFO: Monitoring registry entry:
'HKEY_LOCAL_MACHINE\Security'.
2022/06/16 10:01:18
ossec-syscheckd: INFO: Monitoring registry entry:
'HKEY_LOCAL_MACHINE\Software\Microsoft\Internet
Explorer'.
2022/06/16 10:01:18 ossec-syscheckd: INFO:
Monitoring registry entry:
'HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services'.
2022/06/16
10:01:18 ossec-syscheckd: INFO: Monitoring registry entry:
'HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session
Manager\KnownDLLs'.
2022/06/16 10:01:18 ossec-syscheckd:
INFO: Monitoring registry entry:
'HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SecurePipeServers\winreg'.
2022/06/16
10:01:18 ossec-syscheckd: INFO: Monitoring registry entry:
'HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run'.
2022/06/16
10:01:18 ossec-syscheckd: INFO: Monitoring registry entry:
'HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce'.
2022/06/16
10:01:18 ossec-syscheckd: INFO: Monitoring registry entry:
'HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnceEx'.
2022/06/16
10:01:18 ossec-syscheckd: INFO: Monitoring registry entry:
'HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\URL'.
2022/06/16
10:01:18 ossec-syscheckd: INFO: Monitoring registry entry:
'HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies'.
2022/06/16
10:01:18 ossec-syscheckd: INFO: Monitoring registry entry:
'HKEY_LOCAL_MACHINE\Software\Microsoft\Windows
NT\CurrentVersion\Windows'.
2022/06/16 10:01:18
ossec-syscheckd: INFO: Monitoring registry entry:
'HKEY_LOCAL_MACHINE\Software\Microsoft\Windows
NT\CurrentVersion\Winlogon'.
2022/06/16 10:01:18
ossec-syscheckd: INFO: Monitoring registry entry:
'HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed
Components'.
2022/06/16 10:01:18 ossec-syscheckd: INFO:
Monitoring directory: 'C:\WINDOWS/win.ini', with options perm | size
| owner | group | md5sum | sha1sum.
2022/06/16 10:01:18
ossec-syscheckd: INFO: Monitoring directory: 'C:\WINDOWS/system.ini',
with options perm | size | owner | group | md5sum |
sha1sum.
2022/06/16 10:01:18 ossec-syscheckd: INFO:
Monitoring directory: 'C:\autoexec.bat', with options perm | size |
owner | group | md5sum | sha1sum.
2022/06/16 10:01:18
ossec-syscheckd: INFO: Monitoring directory: 'C:\config.sys', with
options perm | size | owner | group | md5sum | sha1sum.
2022/06/16
10:01:18 ossec-syscheckd: INFO: Monitoring directory: 'C:\boot.ini',
with options perm | size | owner | group | md5sum |
sha1sum.
2022/06/16 10:01:18 ossec-syscheckd: INFO:
Monitoring directory: 'C:\WINDOWS/SysNative/at.exe', with options
perm | size | owner | group | md5sum | sha1sum.
2022/06/16
10:01:18 ossec-syscheckd: INFO: Monitoring directory:
'C:\WINDOWS/SysNative/attrib.exe', with options perm | size | owner |
group | md5sum | sha1sum.
2022/06/16 10:01:18
ossec-syscheckd: INFO: Monitoring directory:
'C:\WINDOWS/SysNative/cacls.exe', with options perm | size | owner |
group | md5sum | sha1sum.
2022/06/16 10:01:18
ossec-syscheckd: INFO: Monitoring directory:
'C:\WINDOWS/SysNative/cmd.exe', with options perm | size | owner |
group | md5sum | sha1sum.
2022/06/16 10:01:18
ossec-syscheckd: INFO: Monitoring directory:
'C:\WINDOWS/SysNative/drivers/etc', with options perm | size | owner
| group | md5sum | sha1sum.
2022/06/16 10:01:18
ossec-syscheckd: INFO: Monitoring directory:
'C:\WINDOWS/SysNative/eventcreate.exe', with options perm | size |
owner | group | md5sum | sha1sum.
2022/06/16 10:01:18
ossec-syscheckd: INFO: Monitoring directory:
'C:\WINDOWS/SysNative/ftp.exe', with options perm | size | owner |
group | md5sum | sha1sum.
2022/06/16 10:01:18
ossec-syscheckd: INFO: Monitoring directory:
'C:\WINDOWS/SysNative/lsass.exe', with options perm | size | owner |
group | md5sum | sha1sum.
2022/06/16 10:01:18
ossec-syscheckd: INFO: Monitoring directory:
'C:\WINDOWS/SysNative/net.exe', with options perm | size | owner |
group | md5sum | sha1sum.
2022/06/16 10:01:18
ossec-syscheckd: INFO: Monitoring directory:
'C:\WINDOWS/SysNative/net1.exe', with options perm | size | owner |
group | md5sum | sha1sum.
2022/06/16 10:01:18
ossec-syscheckd: INFO: Monitoring directory:
'C:\WINDOWS/SysNative/netsh.exe', with options perm | size | owner |
group | md5sum | sha1sum.
2022/06/16 10:01:18
ossec-syscheckd: INFO: Monitoring directory:
'C:\WINDOWS/SysNative/reg.exe', with options perm | size | owner |
group | md5sum | sha1sum.
2022/06/16 10:01:18
ossec-syscheckd: INFO: Monitoring directory:
'C:\WINDOWS/SysNative/regedt32.exe', with options perm | size | owner
| group | md5sum | sha1sum.
2022/06/16 10:01:18
ossec-syscheckd: INFO: Monitoring directory:
'C:\WINDOWS/SysNative/regsvr32.exe', with options perm | size | owner
| group | md5sum | sha1sum.
2022/06/16 10:01:18
ossec-syscheckd: INFO: Monitoring directory:
'C:\WINDOWS/SysNative/runas.exe', with options perm | size | owner |
group | md5sum | sha1sum.
2022/06/16 10:01:18
ossec-syscheckd: INFO: Monitoring directory:
'C:\WINDOWS/SysNative/sc.exe', with options perm | size | owner |
group | md5sum | sha1sum.
2022/06/16 10:01:18
ossec-syscheckd: INFO: Monitoring directory:
'C:\WINDOWS/SysNative/schtasks.exe', with options perm | size | owner
| group | md5sum | sha1sum.
2022/06/16 10:01:18
ossec-syscheckd: INFO: Monitoring directory:
'C:\WINDOWS/SysNative/sethc.exe', with options perm | size | owner |
group | md5sum | sha1sum.
2022/06/16 10:01:18
ossec-syscheckd: INFO: Monitoring directory:
'C:\WINDOWS/SysNative/subst.exe', with options perm | size | owner |
group | md5sum | sha1sum.
2022/06/16 10:01:18
ossec-syscheckd: INFO: Monitoring directory:
'C:\WINDOWS/SysNative/wbem/WMIC.exe', with options perm | size |
owner | group | md5sum | sha1sum.
2022/06/16 10:01:18
ossec-syscheckd: INFO: Monitoring directory:
'C:\WINDOWS/SysNative/WindowsPowerShell\v1.0\powershell.exe', with
options perm | size | owner | group | md5sum | sha1sum.
2022/06/16
10:01:18 ossec-syscheckd: INFO: Monitoring directory:
'C:\WINDOWS/SysNative/winrm.vbs', with options perm | size | owner |
group | md5sum | sha1sum.
2022/06/16 10:01:18
ossec-syscheckd: INFO: Monitoring directory:
'C:\WINDOWS/System32/CONFIG.NT', with options perm | size | owner |
group | md5sum | sha1sum.
2022/06/16 10:01:18
ossec-syscheckd: INFO: Monitoring directory:
'C:\WINDOWS/System32/AUTOEXEC.NT', with options perm | size | owner |
group | md5sum | sha1sum.
2022/06/16 10:01:18
ossec-syscheckd: INFO: Monitoring directory:
'C:\WINDOWS/System32/at.exe', with options perm | size | owner |
group | md5sum | sha1sum.
2022/06/16 10:01:18
ossec-syscheckd: INFO: Monitoring directory:
'C:\WINDOWS/System32/attrib.exe', with options perm | size | owner |
group | md5sum | sha1sum.
2022/06/16 10:01:18
ossec-syscheckd: INFO: Monitoring directory:
'C:\WINDOWS/System32/cacls.exe', with options perm | size | owner |
group | md5sum | sha1sum.
2022/06/16 10:01:18
ossec-syscheckd: INFO: Monitoring directory:
'C:\WINDOWS/System32/debug.exe', with options perm | size | owner |
group | md5sum | sha1sum.
2022/06/16 10:01:18
ossec-syscheckd: INFO: Monitoring directory:
'C:\WINDOWS/System32/drwatson.exe', with options perm | size | owner
| group | md5sum | sha1sum.
2022/06/16 10:01:18
ossec-syscheckd: INFO: Monitoring directory:
'C:\WINDOWS/System32/drwtsn32.exe', with options perm | size | owner
| group | md5sum | sha1sum.
2022/06/16 10:01:18
ossec-syscheckd: INFO: Monitoring directory:
'C:\WINDOWS/System32/edlin.exe', with options perm | size | owner |
group | md5sum | sha1sum.
2022/06/16 10:01:18
ossec-syscheckd: INFO: Monitoring directory:
'C:\WINDOWS/System32/eventcreate.exe', with options perm | size |
owner | group | md5sum | sha1sum.
2022/06/16 10:01:18
ossec-syscheckd: INFO: Monitoring directory:
'C:\WINDOWS/System32/eventtriggers.exe', with options perm | size |
owner | group | md5sum | sha1sum.
2022/06/16 10:01:18
ossec-syscheckd: INFO: Monitoring directory:
'C:\WINDOWS/System32/ftp.exe', with options perm | size | owner |
group | md5sum | sha1sum.
2022/06/16 10:01:18
ossec-syscheckd: INFO: Monitoring directory:
'C:\WINDOWS/System32/net.exe', with options perm | size | owner |
group | md5sum | sha1sum.
2022/06/16 10:01:18
ossec-syscheckd: INFO: Monitoring directory:
'C:\WINDOWS/System32/net1.exe', with options perm | size | owner |
group | md5sum | sha1sum.
2022/06/16 10:01:18
ossec-syscheckd: INFO: Monitoring directory:
'C:\WINDOWS/System32/netsh.exe', with options perm | size | owner |
group | md5sum | sha1sum.
2022/06/16 10:01:18
ossec-syscheckd: INFO: Monitoring directory:
'C:\WINDOWS/System32/rcp.exe', with options perm | size | owner |
group | md5sum | sha1sum.
2022/06/16 10:01:18
ossec-syscheckd: INFO: Monitoring directory:
'C:\WINDOWS/System32/reg.exe', with options perm | size | owner |
group | md5sum | sha1sum.
2022/06/16 10:01:18
ossec-syscheckd: INFO: Monitoring directory:
'C:\WINDOWS/regedit.exe', with options perm | size | owner | group |
md5sum | sha1sum.
2022/06/16 10:01:18 ossec-syscheckd:
INFO: Monitoring directory: 'C:\WINDOWS/System32/regedt32.exe', with
options perm | size | owner | group | md5sum | sha1sum.
2022/06/16
10:01:18 ossec-syscheckd: INFO: Monitoring directory:
'C:\WINDOWS/System32/regsvr32.exe', with options perm | size | owner
| group | md5sum | sha1sum.
2022/06/16 10:01:18
ossec-syscheckd: INFO: Monitoring directory:
'C:\WINDOWS/System32/rexec.exe', with options perm | size | owner |
group | md5sum | sha1sum.
2022/06/16 10:01:18
ossec-syscheckd: INFO: Monitoring directory:
'C:\WINDOWS/System32/rsh.exe', with options perm | size | owner |
group | md5sum | sha1sum.
2022/06/16 10:01:18
ossec-syscheckd: INFO: Monitoring directory:
'C:\WINDOWS/System32/runas.exe', with options perm | size | owner |
group | md5sum | sha1sum.
2022/06/16 10:01:18
ossec-syscheckd: INFO: Monitoring directory:
'C:\WINDOWS/System32/sc.exe', with options perm | size | owner |
group | md5sum | sha1sum.
2022/06/16 10:01:18
ossec-syscheckd: INFO: Monitoring directory:
'C:\WINDOWS/System32/subst.exe', with options perm | size | owner |
group | md5sum | sha1sum.
2022/06/16 10:01:18
ossec-syscheckd: INFO: Monitoring directory:
'C:\WINDOWS/System32/telnet.exe', with options perm | size | owner |
group | md5sum | sha1sum.
2022/06/16 10:01:18
ossec-syscheckd: INFO: Monitoring directory:
'C:\WINDOWS/System32/tftp.exe', with options perm | size | owner |
group | md5sum | sha1sum.
2022/06/16 10:01:18
ossec-syscheckd: INFO: Monitoring directory:
'C:\WINDOWS/System32/tlntsvr.exe', with options perm | size | owner |
group | md5sum | sha1sum.
2022/06/16 10:01:18
ossec-syscheckd: INFO: Monitoring directory:
'C:\WINDOWS/System32/drivers/etc', with options perm | size | owner |
group | md5sum | sha1sum.
2022/06/16 10:01:18
ossec-syscheckd: INFO: Monitoring directory:
'C:\WINDOWS/System32/wbem/WMIC.exe', with options perm | size | owner
| group | md5sum | sha1sum.
2022/06/16 10:01:18
ossec-syscheckd: INFO: Monitoring directory:
'C:\WINDOWS/System32/WindowsPowerShell\v1.0\powershell.exe', with
options perm | size | owner | group | md5sum | sha1sum.
2022/06/16
10:01:18 ossec-syscheckd: INFO: Monitoring directory:
'C:\WINDOWS/System32/winrm.vbs', with options perm | size | owner |
group | md5sum | sha1sum.
2022/06/16 10:01:18
ossec-syscheckd: INFO: Monitoring directory:
'C:\ProgramData/Microsoft/Windows/Start Menu/Programs/Startup', with
options perm | size | owner | group | md5sum | sha1sum |
realtime.
2022/06/16 10:01:18 ossec-syscheckd: INFO:
Started (pid: 28508).
2022/06/16 10:01:28 ossec-agent:
WARN: Process locked. Waiting for permission...
2022/06/16
10:01:39 ossec-agentd(4101): WARN: Waiting for server reply (not
started). Tried: '192.168.yyy.zzz'.
2022/06/16 10:01:41
ossec-agentd: INFO: Trying to connect to server 192.168.yyy.zzz, port
1514.
2022/06/16 10:01:41 INFO: Connected to
192.168.yyy.zzz at address 192.168.yyy.zzz:1514, port
1514
2022/06/16 10:02:02 ossec-agentd(4101): WARN: Waiting
for server reply (not started). Tried: '192.168.yyy.zzz'.
2022/06/16
10:02:22 ossec-agentd: INFO: Trying to connect to server
192.168.yyy.zzz, port 1514.
2022/06/16 10:02:22 INFO:
Connected to 192.168.yyy.zzz at address 192.168.yyy.zzz:1514, port
1514
2022/06/16 10:02:43 ossec-agentd(4101): WARN: Waiting
for server reply (not started). Tried: '192.168.yyy.zzz'.
2022/06/16
10:03:21 ossec-agentd: INFO: Trying to connect to server
192.168.yyy.zzz, port 1514.
2022/06/16 10:03:21 INFO:
Connected to 192.168.yyy.zzz at address 192.168.yyy.zzz:1514, port
1514
2022/06/16 10:03:42 ossec-agentd(4101): WARN: Waiting
for server reply (not started). Tried: '192.168.yyy.zzz'.
2022/06/16
10:04:38 ossec-agentd: INFO: Trying to connect to server
192.168.yyy.zzz, port 1514.
2022/06/16 10:04:38 INFO:
Connected to 192.168.yyy.zzz at address 192.168.yyy.zzz:1514, port
1514
2022/06/16 10:04:59 ossec-agentd(4101): WARN: Waiting
for server reply (not started). Tried: '192.168.yyy.zzz'.
2022/06/16
10:06:13 ossec-agentd: INFO: Trying to connect to server
192.168.yyy.zzz, port 1514.
2022/06/16 10:06:13 INFO:
Connected to 192.168.yyy.zzz at address 192.168.yyy.zzz:1514, port
1514
2022/06/16 10:06:34 ossec-agentd(4101): WARN: Waiting
for server reply (not started). Tried: '192.168.yyy.zzz'.
2022/06/16
10:08:06 ossec-agentd: INFO: Trying to connect to server
192.168.yyy.zzz, port 1514.
2022/06/16 10:08:06 INFO:
Connected to 192.168.yyy.zzz at address 192.168.yyy.zzz:1514, port
1514
2022/06/16 10:08:27 ossec-agentd(4101): WARN: Waiting
for server reply (not started). Tried: '192.168.yyy.zzz'.
2022/06/16
10:10:17 ossec-agentd: INFO: Trying to connect to server
192.168.yyy.zzz, port 1514.
2022/06/16 10:10:17 INFO:
Connected to 192.168.yyy.zzz at address 192.168.yyy.zzz:1514, port
1514
2022/06/16 10:10:38 ossec-agentd(4101): WARN: Waiting
for server reply (not started). Tried: '192.168.yyy.zzz'.
2022/06/16
10:12:46 ossec-agentd: INFO: Trying to connect to server
192.168.yyy.zzz, port 1514.
2022/06/16 10:12:46 INFO:
Connected to 192.168.yyy.zzz at address 192.168.yyy.zzz:1514, port
1514
2022/06/16 10:13:07 ossec-agentd(4101): WARN: Waiting
for server reply (not started). Tried: '192.168.yyy.zzz'.
2022/06/16
10:15:33 ossec-agentd: INFO: Trying to connect to server
192.168.yyy.zzz, port 1514.
2022/06/16 10:15:33 INFO:
Connected to 192.168.yyy.zzz at address 192.168.yyy.zzz:1514, port
1514
2022/06/16 10:15:54 ossec-agentd(4101): WARN: Waiting
for server reply (not started). Tried: '192.168.yyy.zzz'.
2022/06/16
10:18:38 ossec-agentd: INFO: Trying to connect to server
192.168.yyy.zzz, port 1514.
2022/06/16 10:18:38 INFO:
Connected to 192.168.yyy.zzz at address 192.168.yyy.zzz:1514, port
1514
2022/06/16 10:19:00 ossec-agentd(4101): WARN: Waiting
for server reply (not started). Tried: '192.168.yyy.zzz'.
2022/06/16
10:22:02 ossec-agentd: INFO: Trying to connect to server
192.168.yyy.zzz, port 1514.
2022/06/16 10:22:02 INFO:
Connected to 192.168.yyy.zzz at address 192.168.yyy.zzz:1514, port
1514
2022/06/16 10:22:23 ossec-agentd(4101): WARN: Waiting
for server reply (not started). Tried: '192.168.yyy.zzz'.
2022/06/16
10:25:43 ossec-agentd: INFO: Trying to connect to server
192.168.yyy.zzz, port 1514.
2022/06/16 10:25:43 INFO:
Connected to 192.168.yyy.zzz at address 192.168.yyy.zzz:1514, port
1514
2022/06/16 10:26:04 ossec-agentd(4101): WARN: Waiting
for server reply (not started). Tried: '192.168.yyy.zzz'.
2022/06/16
10:29:42 ossec-agentd: INFO: Trying to connect to server
192.168.yyy.zzz, port 1514.
2022/06/16 10:29:42 INFO:
Connected to 192.168.yyy.zzz at address 192.168.yyy.zzz:1514, port
1514
2022/06/16 10:30:03 ossec-agentd(4101): WARN: Waiting
for server reply (not started). Tried: '192.168.yyy.zzz'.
2022/06/16
10:33:59 ossec-agentd: INFO: Trying to connect to server
192.168.yyy.zzz, port 1514.
2022/06/16 10:33:59 INFO:
Connected to 192.168.yyy.zzz at address 192.168.yyy.zzz:1514, port
1514
2022/06/16 10:34:20 ossec-agentd(4101): WARN: Waiting
for server reply (not started). Tried: '192.168.yyy.zzz'.
2022/06/16
10:38:34 ossec-agentd: INFO: Trying to connect to server
192.168.yyy.zzz, port 1514.
2022/06/16 10:38:34 INFO:
Connected to 192.168.yyy.zzz at address 192.168.yyy.zzz:1514, port
1514
2022/06/16 10:38:55 ossec-agentd(4101): WARN: Waiting
for server reply (not started). Tried: '192.168.yyy.zzz'.
2022/06/16
10:43:27 ossec-agentd: INFO: Trying to connect to server
192.168.yyy.zzz, port 1514.
2022/06/16 10:43:27 INFO:
Connected to 192.168.yyy.zzz at address 192.168.yyy.zzz:1514, port
1514
2022/06/16 10:43:48 ossec-agentd(4101): WARN: Waiting
for server reply (not started). Tried: '192.168.yyy.zzz'.
2022/06/16
10:48:38 ossec-agentd: INFO: Trying to connect to server
192.168.yyy.zzz, port 1514.
2022/06/16 10:48:38 INFO:
Connected to 192.168.yyy.zzz at address 192.168.yyy.zzz:1514, port
1514
2022/06/16 10:48:59 ossec-agentd(4101): WARN: Waiting
for server reply (not started). Tried: '192.168.yyy.zzz'.
2022/06/16
10:54:07 ossec-agentd: INFO: Trying to connect to server
192.168.yyy.zzz, port 1514.
2022/06/16 10:54:07 INFO:
Connected to 192.168.yyy.zzz at address 192.168.yyy.zzz:1514, port
1514
2022/06/16 10:54:28 ossec-agentd(4101): WARN: Waiting
for server reply (not started). Tried: '192.168.yyy.zzz'.
2022/06/16
11:33:35 ossec-agentd: INFO: Trying to connect to server
192.168.yyy.zzz, port 1514.
2022/06/16 11:33:35 INFO:
Connected to 192.168.yyy.zzz at address 192.168.yyy.zzz:1514, port
1514
2022/06/16 11:33:56 ossec-agentd(4101): WARN: Waiting
for server reply (not started). Tried: '192.168.yyy.zzz'.
2022/06/16
12:06:21 ossec-agentd: INFO: Trying to connect to server
192.168.yyy.zzz, port 1514.
2022/06/16 12:06:21 INFO:
Connected to 192.168.yyy.zzz at address 192.168.yyy.zzz:1514, port
1514
2022/06/16 12:06:42 ossec-agentd(4101): WARN: Waiting
for server reply (not started). Tried: '192.168.yyy.zzz'.
2022/06/16
12:12:44 ossec-agentd: INFO: Trying to connect to server
192.168.yyy.zzz, port 1514.
2022/06/16 12:12:44 INFO:
Connected to 192.168.yyy.zzz at address 192.168.yyy.zzz:1514, port
1514
2022/06/16 12:13:06 ossec-agentd(4101): WARN: Waiting
for server reply (not started). Tried: '192.168.yyy.zzz'.
2022/06/16
12:34:02 ossec-agentd: INFO: Trying to connect to server
192.168.yyy.zzz, port 1514.
2022/06/16 12:34:02 INFO:
Connected to 192.168.yyy.zzz at address 192.168.yyy.zzz:1514, port
1514
2022/06/16 12:34:23 ossec-agentd(4101): WARN: Waiting
for server reply (not started). Tried: '192.168.yyy.zzz'.
2022/06/16
12:41:01 ossec-agentd: INFO: Trying to connect to server
192.168.yyy.zzz, port 1514.
2022/06/16 12:41:01 INFO:
Connected to 192.168.yyy.zzz at address 192.168.yyy.zzz:1514, port
1514
2022/06/16 12:41:22 ossec-agentd(4101): WARN: Waiting
for server reply (not started). Tried: '192.168.yyy.zzz'.
2022/06/16
12:48:18 ossec-agentd: INFO: Trying to connect to server
192.168.yyy.zzz, port 1514.
2022/06/16 12:48:18 INFO:
Connected to 192.168.yyy.zzz at address 192.168.yyy.zzz:1514, port
1514
2022/06/16 12:48:39 ossec-agentd(4101): WARN: Waiting
for server reply (not started). Tried: '192.168.yyy.zzz'.
2022/06/16
12:55:53 ossec-agentd: INFO: Trying to connect to server
192.168.yyy.zzz, port 1514.
2022/06/16 12:55:53 INFO:
Connected to 192.168.yyy.zzz at address 192.168.yyy.zzz:1514, port
1514
2022/06/16 12:56:14 ossec-agentd(4101): WARN: Waiting
for server reply (not started). Tried: '192.168.yyy.zzz'.
2022/06/16
13:03:46 ossec-agentd: INFO: Trying to connect to server
192.168.yyy.zzz, port 1514.
2022/06/16 13:03:46 INFO:
Connected to 192.168.yyy.zzz at address 192.168.yyy.zzz:1514, port
1514
2022/06/16 13:04:07 ossec-agentd(4101): WARN: Waiting
for server reply (not started). Tried: '192.168.yyy.zzz'.
2022/06/16
13:11:57 ossec-agentd: INFO: Trying to connect to server
192.168.yyy.zzz, port 1514.
2022/06/16 13:11:57 INFO:
Connected to 192.168.yyy.zzz at address 192.168.yyy.zzz:1514, port
1514
2022/06/16 13:12:18 ossec-agentd(4101): WARN: Waiting
for server reply (not started). Tried: '192.168.yyy.zzz'.
2022/06/16
13:20:26 ossec-agentd: INFO: Trying to connect to server
192.168.yyy.zzz, port 1514.
2022/06/16 13:20:26 INFO:
Connected to 192.168.yyy.zzz at address 192.168.yyy.zzz:1514, port
1514
2022/06/16 13:20:47 ossec-agentd(4101): WARN: Waiting
for server reply (not started). Tried: '192.168.yyy.zzz'.
2022/06/16
13:29:13 ossec-agentd: INFO: Trying to connect to server
192.168.yyy.zzz, port 1514.
2022/06/16 13:29:13 INFO:
Connected to 192.168.yyy.zzz at address 192.168.yyy.zzz:1514, port
1514
2022/06/16 13:29:34 ossec-agentd(4101): WARN: Waiting
for server reply (not started). Tried: '192.168.yyy.zzz'.
2022/06/16
13:38:18 ossec-agentd: INFO: Trying to connect to server
192.168.yyy.zzz, port 1514.
2022/06/16 13:38:18 INFO:
Connected to 192.168.yyy.zzz at address 192.168.yyy.zzz:1514, port
1514
2022/06/16 13:38:40 ossec-agentd(4101): WARN: Waiting
for server reply (not started). Tried: '192.168.yyy.zzz'.
2022/06/16
13:47:42 ossec-agentd: INFO: Trying to connect to server
192.168.yyy.zzz, port 1514.
2022/06/16 13:47:42 INFO:
Connected to 192.168.yyy.zzz at address 192.168.yyy.zzz:1514, port
1514
2022/06/16 13:48:03 ossec-agentd(4101): WARN: Waiting
for server reply (not started). Tried: '192.168.yyy.zzz'.
2022/06/16
13:57:23 ossec-agentd: INFO: Trying to connect to server
192.168.yyy.zzz, port 1514.
2022/06/16 13:57:23 INFO:
Connected to 192.168.yyy.zzz at address 192.168.yyy.zzz:1514, port
1514
2022/06/16 13:57:44 ossec-agentd(4101): WARN: Waiting
for server reply (not started). Tried: '192.168.yyy.zzz'.
2022/06/16
14:07:22 ossec-agentd: INFO: Trying to connect to server
192.168.yyy.zzz, port 1514.
2022/06/16 14:07:22 INFO:
Connected to 192.168.yyy.zzz at address 192.168.yyy.zzz:1514, port
1514
2022/06/16 14:07:43 ossec-agentd(4101): WARN: Waiting
for server reply (not started). Tried: '192.168.yyy.zzz'.
2022/06/16
14:17:39 ossec-agentd: INFO: Trying to connect to server
192.168.yyy.zzz, port 1514.
2022/06/16 14:17:39 INFO:
Connected to 192.168.yyy.zzz at address 192.168.yyy.zzz:1514, port
1514
2022/06/16 14:18:00 ossec-agentd(4101): WARN: Waiting
for server reply (not started). Tried: '192.168.yyy.zzz'.
2022/06/16
14:28:14 ossec-agentd: INFO: Trying to connect to server
192.168.yyy.zzz, port 1514.
2022/06/16 14:28:14 INFO:
Connected to 192.168.yyy.zzz at address 192.168.yyy.zzz:1514, port
1514
2022/06/16 14:28:35 ossec-agentd(4101): WARN: Waiting
for server reply (not started). Tried: '192.168.yyy.zzz'.
2022/06/16
14:39:07 ossec-agentd: INFO: Trying to connect to server
192.168.yyy.zzz, port 1514.
2022/06/16 14:39:07 INFO:
Connected to 192.168.yyy.zzz at address 192.168.yyy.zzz:1514, port
1514
2022/06/16 14:39:28 ossec-agentd(4101): WARN: Waiting
for server reply (not started). Tried: '192.168.yyy.zzz'.
2022/06/16
14:50:18 ossec-agentd: INFO: Trying to connect to server
192.168.yyy.zzz, port 1514.
2022/06/16 14:50:18 INFO:
Connected to 192.168.yyy.zzz at address 192.168.yyy.zzz:1514, port
1514
2022/06/16 14:50:39 ossec-agentd(4101): WARN: Waiting
for server reply (not started). Tried: '192.168.yyy.zzz'.
2022/06/16
15:01:47 ossec-agentd: INFO: Trying to connect to server
192.168.yyy.zzz, port 1514.
2022/06/16 15:01:47 INFO:
Connected to 192.168.yyy.zzz at address 192.168.yyy.zzz:1514, port
1514
2022/06/16 15:02:08 ossec-agentd(4101): WARN: Waiting
for server reply (not started). Tried: '192.168.yyy.zzz'.
2022/06/16
15:13:34 ossec-agentd: INFO: Trying to connect to server
192.168.yyy.zzz, port 1514.
2022/06/16 15:13:34 INFO:
Connected to 192.168.yyy.zzz at address 192.168.yyy.zzz:1514, port
1514
2022/06/16 15:13:55 ossec-agentd(4101): WARN: Waiting
for server reply (not started). Tried: '192.168.yyy.zzz'.
2022/06/16
15:25:39 ossec-agentd: INFO: Trying to connect to server
192.168.yyy.zzz, port 1514.
2022/06/16 15:25:39 INFO:
Connected to 192.168.yyy.zzz at address 192.168.yyy.zzz:1514, port
1514
2022/06/16 15:26:00 ossec-agentd(4101): WARN: Waiting
for server reply (not started). Tried: '192.168.yyy.zzz'.
2022/06/16
15:39:09 ossec-agentd: INFO: Trying to connect to server
192.168.yyy.zzz, port 1514.
2022/06/16 15:39:09 INFO:
Connected to 192.168.yyy.zzz at address 192.168.yyy.zzz:1514, port
1514
2022/06/16 15:39:30 ossec-agentd(4101): WARN: Waiting
for server reply (not started). Tried: '192.168.yyy.zzz'.
2022/06/16
15:51:50 ossec-agentd: INFO: Trying to connect to server
192.168.yyy.zzz, port 1514.
2022/06/16 15:51:50 INFO:
Connected to 192.168.yyy.zzz at address 192.168.yyy.zzz:1514, port
1514
2022/06/16 15:52:11 ossec-agentd(4101): WARN: Waiting
for server reply (not started). Tried: '192.168.yyy.zzz'.
2022/06/16
16:14:54 ossec-agentd: INFO: Trying to connect to server
192.168.yyy.zzz, port 1514.
2022/06/16 16:14:54 INFO:
Connected to 192.168.yyy.zzz at address 192.168.yyy.zzz:1514, port
1514
2022/06/16 16:15:15 ossec-agentd(4101): WARN: Waiting
for server reply (not started). Tried: '192.168.yyy.zzz'.
2022/06/16
16:28:11 ossec-agentd: INFO: Trying to connect to server
192.168.yyy.zzz, port 1514.
2022/06/16 16:28:11 INFO:
Connected to 192.168.yyy.zzz at address 192.168.yyy.zzz:1514, port
1514
2022/06/16 16:28:32 ossec-agentd(4101): WARN: Waiting
for server reply (not started). Tried: '192.168.yyy.zzz'.
2022/06/16
16:41:46 ossec-agentd: INFO: Trying to connect to server
192.168.yyy.zzz, port 1514.
2022/06/16 16:41:46 INFO:
Connected to 192.168.yyy.zzz at address 192.168.yyy.zzz:1514, port
1514
2022/06/16 16:42:07 ossec-agentd(4101): WARN: Waiting
for server reply (not started). Tried: '192.168.yyy.zzz'.
2022/06/16
16:55:39 ossec-agentd: INFO: Trying to connect to server
192.168.yyy.zzz, port 1514.
2022/06/16 16:55:39 INFO:
Connected to 192.168.yyy.zzz at address 192.168.yyy.zzz:1514, port
1514
2022/06/16 16:56:00 ossec-agentd(4101): WARN: Waiting
for server reply (not started). Tried: '192.168.yyy.zzz'.
2022/06/16
17:09:50 ossec-agentd: INFO: Trying to connect to server
192.168.yyy.zzz, port 1514.
2022/06/16 17:09:50 INFO:
Connected to 192.168.yyy.zzz at address 192.168.yyy.zzz:1514, port
1514
2022/06/16 17:10:11 ossec-agentd(4101): WARN: Waiting
for server reply (not started). Tried: '192.168.yyy.zzz'.
2022/06/16
17:24:19 ossec-agentd: INFO: Trying to connect to server
192.168.yyy.zzz, port 1514.
2022/06/16 17:24:19 INFO:
Connected to 192.168.yyy.zzz at address 192.168.yyy.zzz:1514, port
1514
2022/06/16 17:24:40 ossec-agentd(4101): WARN: Waiting
for server reply (not started). Tried: '192.168.yyy.zzz'.
2022/06/16
17:39:06 ossec-agentd: INFO: Trying to connect to server
192.168.yyy.zzz, port 1514.
2022/06/16 17:39:06 INFO:
Connected to 192.168.yyy.zzz at address 192.168.yyy.zzz:1514, port
1514
2022/06/16 17:39:27 ossec-agentd(4101): WARN: Waiting
for server reply (not started). Tried: '192.168.yyy.zzz'.
2022/06/16
18:56:39 ossec-agentd: INFO: Trying to connect to server
192.168.yyy.zzz, port 1514.
2022/06/16 18:56:39 INFO:
Connected to 192.168.yyy.zzz at address 192.168.yyy.zzz:1514, port
1514
2022/06/16 18:57:00 ossec-agentd(4101): WARN: Waiting
for server reply (not started). Tried: '192.168.yyy.zzz'.
2022/06/16
19:12:02 ossec-agentd: INFO: Trying to connect to server
192.168.yyy.zzz, port 1514.
2022/06/16 19:12:02 INFO:
Connected to 192.168.yyy.zzz at address 192.168.yyy.zzz:1514, port
1514
2022/06/16 19:12:23 ossec-agentd(4101): WARN: Waiting
for server reply (not started). Tried: '192.168.yyy.zzz'.
2022/06/16
19:27:43 ossec-agentd: INFO: Trying to connect to server
192.168.yyy.zzz, port 1514.
2022/06/16 19:27:43 INFO:
Connected to 192.168.yyy.zzz at address 192.168.yyy.zzz:1514, port
1514
2022/06/16 19:28:04 ossec-agentd(4101): WARN: Waiting
for server reply (not started). Tried: '192.168.yyy.zzz'.
2022/06/16
19:43:42 ossec-agentd: INFO: Trying to connect to server
192.168.yyy.zzz, port 1514.
2022/06/16 19:43:42 INFO:
Connected to 192.168.yyy.zzz at address 192.168.yyy.zzz:1514, port
1514
2022/06/16 19:44:03 ossec-agentd(4101): WARN: Waiting
for server reply (not started). Tried: '192.168.yyy.zzz'.
2022/06/16
20:00:47 ossec-agentd: INFO: Trying to connect to server
192.168.yyy.zzz, port 1514.
2022/06/16 20:00:47 INFO:
Connected to 192.168.yyy.zzz at address 192.168.yyy.zzz:1514, port
1514
2022/06/16 20:01:08 ossec-agentd(4101): WARN: Waiting
for server reply (not started). Tried: '192.168.yyy.zzz'.
2022/06/16
20:26:06 ossec-agentd: INFO: Trying to connect to server
192.168.yyy.zzz, port 1514.
2022/06/16 20:26:06 INFO:
Connected to 192.168.yyy.zzz at address 192.168.yyy.zzz:1514, port
1514
2022/06/16 20:26:28 ossec-agentd(4101): WARN: Waiting
for server reply (not started). Tried: '192.168.yyy.zzz'.
2022/06/16
20:43:00 ossec-agentd: INFO: Trying to connect to server
192.168.yyy.zzz, port 1514.
2022/06/16 20:43:00 INFO:
Connected to 192.168.yyy.zzz at address 192.168.yyy.zzz:1514, port
1514
2022/06/16 20:43:21 ossec-agentd(4101): WARN: Waiting
for server reply (not started). Tried: '192.168.yyy.zzz'.
2022/06/16
21:00:11 ossec-agentd: INFO: Trying to connect to server
192.168.yyy.zzz, port 1514.
2022/06/16 21:00:11 INFO:
Connected to 192.168.yyy.zzz at address 192.168.yyy.zzz:1514, port
1514
2022/06/16 21:31:14 ossec-agentd(1218): ERROR: Unable
to send message to 'server'.
2022/06/16 21:31:15
ossec-agentd(4101): WARN: Waiting for server reply (not started).
Tried: '192.168.yyy.zzz'.
2022/06/16 21:48:23
ossec-agentd: INFO: Trying to connect to server 192.168.yyy.zzz, port
1514.
2022/06/16 21:48:23 INFO: Connected to
192.168.yyy.zzz at address 192.168.yyy.zzz:1514, port
1514
2022/06/16 21:48:44 ossec-agentd(4101): WARN: Waiting
for server reply (not started). Tried: '192.168.yyy.zzz'.
2022/06/16
22:06:10 ossec-agentd: INFO: Trying to connect to server
192.168.yyy.zzz, port 1514.
2022/06/16 22:06:10 INFO:
Connected to 192.168.yyy.zzz at address 192.168.yyy.zzz:1514, port
1514
2022/06/16 22:06:31 ossec-agentd(4101): WARN: Waiting
for server reply (not started). Tried: '192.168.yyy.zzz'.
2022/06/16
22:24:15 ossec-agentd: INFO: Trying to connect to server
192.168.yyy.zzz, port 1514.
2022/06/16 22:24:15 INFO:
Connected to 192.168.yyy.zzz at address 192.168.yyy.zzz:1514, port
1514
2022/06/16 22:24:36 ossec-agentd(4101): WARN: Waiting
for server reply (not started). Tried: '192.168.yyy.zzz'.
2022/06/16
23:00:26 ossec-agentd: INFO: Trying to connect to server
192.168.yyy.zzz, port 1514.
2022/06/16 23:00:26 INFO:
Connected to 192.168.yyy.zzz at address 192.168.yyy.zzz:1514, port
1514
2022/06/16 23:00:48 ossec-agentd(4101): WARN: Waiting
for server reply (not started). Tried: '192.168.yyy.zzz'.
2022/06/16
23:19:08 ossec-agentd: INFO: Trying to connect to server
192.168.yyy.zzz, port 1514.
2022/06/16 23:19:08 INFO:
Connected to 192.168.yyy.zzz at address 192.168.yyy.zzz:1514, port
1514
2022/06/16 23:23:24 ossec-agentd(4101): WARN: Waiting
for server reply (not started). Tried: '192.168.yyy.zzz'.
2022/06/16
23:42:02 ossec-agentd: INFO: Trying to connect to server
192.168.yyy.zzz, port 1514.
2022/06/16 23:42:02 INFO:
Connected to 192.168.yyy.zzz at address 192.168.yyy.zzz:1514, port
1514
2022/06/16 23:42:02 ossec-agentd(1218): ERROR: Unable
to send message to 'server'.
2022/06/16 23:42:09
ossec-agentd(1218): ERROR: Unable to send message to
'server'.
2022/06/16 23:42:14 ossec-agentd(1218): ERROR:
Unable to send message to 'server'.
2022/06/16 23:42:20
ossec-agentd(1218): ERROR: Unable to send message to
'server'.
2022/06/16 23:42:27 ossec-agentd(1218): ERROR:
Unable to send message to 'server'.
2022/06/16 23:42:28
ossec-agentd(4101): WARN: Waiting for server reply (not started).
Tried: '192.168.yyy.zzz'.
2022/06/17 00:01:24
ossec-agentd: INFO: Trying to connect to server 192.168.yyy.zzz, port
1514.
2022/06/17 00:01:24 INFO: Connected to
192.168.yyy.zzz at address 192.168.yyy.zzz:1514, port
1514
2022/06/17 00:01:24 ossec-agentd(1218): ERROR: Unable
to send message to 'server'.
2022/06/17 00:01:31
ossec-agentd(1218): ERROR: Unable to send message to
'server'.
2022/06/17 00:01:36 ossec-agentd(1218): ERROR:
Unable to send message to 'server'.
2022/06/17 00:01:42
ossec-agentd(1218): ERROR: Unable to send message to
'server'.
2022/06/17 00:01:49 ossec-agentd(1218): ERROR:
Unable to send message to 'server'.
2022/06/17 00:01:50
ossec-agentd(4101): WARN: Waiting for server reply (not started).
Tried: '192.168.yyy.zzz'.
2022/06/17 00:21:04
ossec-agentd: INFO: Trying to connect to server 192.168.yyy.zzz, port
1514.
2022/06/17 00:21:04 INFO: Connected to
192.168.yyy.zzz at address 192.168.yyy.zzz:1514, port
1514
2022/06/17 00:21:04 ossec-agentd(1218): ERROR: Unable
to send message to 'server'.
2022/06/17 00:21:11
ossec-agentd(1218): ERROR: Unable to send message to
'server'.
2022/06/17 00:21:16 ossec-agentd(1218): ERROR:
Unable to send message to 'server'.
2022/06/17 00:21:22
ossec-agentd(1218): ERROR: Unable to send message to
'server'.
2022/06/17 00:21:29 ossec-agentd(1218): ERROR:
Unable to send message to 'server'.
2022/06/17 00:21:30
ossec-agentd(4101): WARN: Waiting for server reply (not started).
Tried: '192.168.yyy.zzz'.
2022/06/17 00:41:02
ossec-agentd: INFO: Trying to connect to server 192.168.yyy.zzz, port
1514.
2022/06/17 00:41:02 ossec-agentd(1216): ERROR:
Unable to connect to '192.168.yyy.zzz'.
2022/06/17
00:41:14 ossec-agentd: INFO: Trying to connect to server
192.168.yyy.zzz, port 1514.
2022/06/17 00:41:14
ossec-agentd(1216): ERROR: Unable to connect to
'192.168.yyy.zzz'.
2022/06/17 00:41:36 ossec-agentd: INFO:
Trying to connect to server 192.168.yyy.zzz, port 1514.
2022/06/17
00:41:36 ossec-agentd(1216): ERROR: Unable to connect to
'192.168.yyy.zzz'.
2022/06/17 00:42:08 ossec-agentd: INFO:
Trying to connect to server 192.168.yyy.zzz, port 1514.
2022/06/17
00:42:08 ossec-agentd(1216): ERROR: Unable to connect to
'192.168.yyy.zzz'.
2022/06/17 00:42:50 ossec-agentd: INFO:
Trying to connect to server 192.168.yyy.zzz, port 1514.
2022/06/17
00:42:50 ossec-agentd(1216): ERROR: Unable to connect to
'192.168.yyy.zzz'.
2022/06/17 00:43:42 ossec-agentd: INFO:
Trying to connect to server 192.168.yyy.zzz, port 1514.
2022/06/17
00:43:42 ossec-agentd(1216): ERROR: Unable to connect to
'192.168.yyy.zzz'.
2022/06/17 00:44:44 ossec-agentd: INFO:
Trying to connect to server 192.168.yyy.zzz, port 1514.
2022/06/17
00:44:44 ossec-agentd(1216): ERROR: Unable to connect to
'192.168.yyy.zzz'.
2022/06/17 00:45:56 ossec-agentd: INFO:
Trying to connect to server 192.168.yyy.zzz, port 1514.
2022/06/17
00:45:56 ossec-agentd(1216): ERROR: Unable to connect to
'192.168.yyy.zzz'.
2022/06/17 00:47:18 ossec-agentd: INFO:
Trying to connect to server 192.168.yyy.zzz, port 1514.
2022/06/17
00:47:18 ossec-agentd(1216): ERROR: Unable to connect to
'192.168.yyy.zzz'.
2022/06/17 00:48:50 ossec-agentd: INFO:
Trying to connect to server 192.168.yyy.zzz, port 1514.
2022/06/17
00:48:50 ossec-agentd(1216): ERROR: Unable to connect to
'192.168.yyy.zzz'.
2022/06/17 00:50:32 ossec-agentd: INFO:
Trying to connect to server 192.168.yyy.zzz, port 1514.
2022/06/17
00:50:32 ossec-agentd(1216): ERROR: Unable to connect to
'192.168.yyy.zzz'.
2022/06/17 00:52:24 ossec-agentd: INFO:
Trying to connect to server 192.168.yyy.zzz, port 1514.
2022/06/17
00:52:24 ossec-agentd(1216): ERROR: Unable to connect to
'192.168.yyy.zzz'.
2022/06/17 00:54:26 ossec-agentd: INFO:
Trying to connect to server 192.168.yyy.zzz, port 1514.
2022/06/17
00:54:26 ossec-agentd(1216): ERROR: Unable to connect to
'192.168.yyy.zzz'.
2022/06/17 00:56:38 ossec-agentd: INFO:
Trying to connect to server 192.168.yyy.zzz, port 1514.
2022/06/17
00:56:38 ossec-agentd(1216): ERROR: Unable to connect to
'192.168.yyy.zzz'.
2022/06/17 00:59:00 ossec-agentd: INFO:
Trying to connect to server 192.168.yyy.zzz, port 1514.
2022/06/17
00:59:00 ossec-agentd(1216): ERROR: Unable to connect to
'192.168.yyy.zzz'.
2022/06/17 01:01:32 ossec-agentd: INFO:
Trying to connect to server 192.168.yyy.zzz, port 1514.
2022/06/17
01:01:32 ossec-agentd(1216): ERROR: Unable to connect to
'192.168.yyy.zzz'.
2022/06/17 01:04:14 ossec-agentd: INFO:
Trying to connect to server 192.168.yyy.zzz, port 1514.
2022/06/17
01:04:14 ossec-agentd(1216): ERROR: Unable to connect to
'192.168.yyy.zzz'.
2022/06/17 01:07:06 ossec-agentd: INFO:
Trying to connect to server 192.168.yyy.zzz, port 1514.
2022/06/17
01:07:06 ossec-agentd(1216): ERROR: Unable to connect to
'192.168.yyy.zzz'.
2022/06/17 01:10:08 ossec-agentd: INFO:
Trying to connect to server 192.168.yyy.zzz, port 1514.
2022/06/17
01:10:08 ossec-agentd(1216): ERROR: Unable to connect to
'192.168.yyy.zzz'.
2022/06/17 01:13:20 ossec-agentd: INFO:
Trying to connect to server 192.168.yyy.zzz, port 1514.
2022/06/17
01:13:20 ossec-agentd(1216): ERROR: Unable to connect to
'192.168.yyy.zzz'.
2022/06/17 01:16:42 ossec-agentd: INFO:
Trying to connect to server 192.168.yyy.zzz, port 1514.
2022/06/17
01:16:42 ossec-agentd(1216): ERROR: Unable to connect to
'192.168.yyy.zzz'.
2022/06/17 01:20:14 ossec-agentd: INFO:
Trying to connect to server 192.168.yyy.zzz, port 1514.
2022/06/17
01:20:14 ossec-agentd(1216): ERROR: Unable to connect to
'192.168.yyy.zzz'.
2022/06/17 01:23:56 ossec-agentd: INFO:
Trying to connect to server 192.168.yyy.zzz, port 1514.
2022/06/17
01:23:56 ossec-agentd(1216): ERROR: Unable to connect to
'192.168.yyy.zzz'.
2022/06/17 01:27:48 ossec-agentd: INFO:
Trying to connect to server 192.168.yyy.zzz, port 1514.
2022/06/17
01:27:48 ossec-agentd(1216): ERROR: Unable to connect to
'192.168.yyy.zzz'.
2022/06/17 01:31:50 ossec-agentd: INFO:
Trying to connect to server 192.168.yyy.zzz, port 1514.
2022/06/17
01:31:50 ossec-agentd(1216): ERROR: Unable to connect to
'192.168.yyy.zzz'.
2022/06/17 01:36:02 ossec-agentd: INFO:
Trying to connect to server 192.168.yyy.zzz, port 1514.
2022/06/17
01:36:02 ossec-agentd(1216): ERROR: Unable to connect to
'192.168.yyy.zzz'.
2022/06/17 01:40:24 ossec-agentd: INFO:
Trying to connect to server 192.168.yyy.zzz, port 1514.
2022/06/17
01:40:24 ossec-agentd(1216): ERROR: Unable to connect to
'192.168.yyy.zzz'.
2022/06/17 01:44:56 ossec-agentd: INFO:
Trying to connect to server 192.168.yyy.zzz, port 1514.
2022/06/17
01:44:56 ossec-agentd(1216): ERROR: Unable to connect to
'192.168.yyy.zzz'.
2022/06/17 01:49:38 ossec-agentd: INFO:
Trying to connect to server 192.168.yyy.zzz, port 1514.
2022/06/17
01:49:38 ossec-agentd(1216): ERROR: Unable to connect to
'192.168.yyy.zzz'.
2022/06/17 01:54:30 ossec-agentd: INFO:
Trying to connect to server 192.168.yyy.zzz, port 1514.
2022/06/17
01:54:30 ossec-agentd(1216): ERROR: Unable to connect to
'192.168.yyy.zzz'.
2022/06/17 01:59:32 ossec-agentd: INFO:
Trying to connect to server 192.168.yyy.zzz, port 1514.
2022/06/17
01:59:32 ossec-agentd(1216): ERROR: Unable to connect to
'192.168.yyy.zzz'.
2022/06/17 02:04:45 ossec-agentd: INFO:
Trying to connect to server 192.168.yyy.zzz, port 1514.
2022/06/17
02:04:45 ossec-agentd(1216): ERROR: Unable to connect to
'192.168.yyy.zzz'.
2022/06/17 02:10:07 ossec-agentd: INFO:
Trying to connect to server 192.168.yyy.zzz, port 1514.
2022/06/17
02:10:07 ossec-agentd(1216): ERROR: Unable to connect to
'192.168.yyy.zzz'.
2022/06/17 02:15:39 ossec-agentd: INFO:
Trying to connect to server 192.168.yyy.zzz, port 1514.
2022/06/17
02:15:39 ossec-agentd(1216): ERROR: Unable to connect to
'192.168.yyy.zzz'.
2022/06/17 02:21:21 ossec-agentd: INFO:
Trying to connect to server 192.168.yyy.zzz, port 1514.
2022/06/17
02:21:21 ossec-agentd(1216): ERROR: Unable to connect to
'192.168.yyy.zzz'.
2022/06/17 02:27:13 ossec-agentd: INFO:
Trying to connect to server 192.168.yyy.zzz, port 1514.
2022/06/17
02:27:13 ossec-agentd(1216): ERROR: Unable to connect to
'192.168.yyy.zzz'.
2022/06/17 02:33:15 ossec-agentd: INFO:
Trying to connect to server 192.168.yyy.zzz, port 1514.
2022/06/17
02:33:15 ossec-agentd(1216): ERROR: Unable to connect to
'192.168.yyy.zzz'.
2022/06/17 02:39:27 ossec-agentd: INFO:
Trying to connect to server 192.168.yyy.zzz, port 1514.
2022/06/17
02:39:27 ossec-agentd(1216): ERROR: Unable to connect to
'192.168.yyy.zzz'.
2022/06/17 02:45:49 ossec-agentd: INFO:
Trying to connect to server 192.168.yyy.zzz, port 1514.
2022/06/17
02:45:49 ossec-agentd(1216): ERROR: Unable to connect to
'192.168.yyy.zzz'.
2022/06/17 02:52:21 ossec-agentd: INFO:
Trying to connect to server 192.168.yyy.zzz, port 1514.
2022/06/17
02:52:21 ossec-agentd(1216): ERROR: Unable to connect to
'192.168.yyy.zzz'.
2022/06/17 02:59:03 ossec-agentd: INFO:
Trying to connect to server 192.168.yyy.zzz, port 1514.
2022/06/17
02:59:03 ossec-agentd(1216): ERROR: Unable to connect to
'192.168.yyy.zzz'.
2022/06/17 03:05:55 ossec-agentd: INFO:
Trying to connect to server 192.168.yyy.zzz, port 1514.
2022/06/17
03:05:55 ossec-agentd(1216): ERROR: Unable to connect to
'192.168.yyy.zzz'.
2022/06/17 03:12:57 ossec-agentd: INFO:
Trying to connect to server 192.168.yyy.zzz, port 1514.
2022/06/17
03:12:57 ossec-agentd(1216): ERROR: Unable to connect to
'192.168.yyy.zzz'.
2022/06/17 03:20:09 ossec-agentd: INFO:
Trying to connect to server 192.168.yyy.zzz, port 1514.
2022/06/17
03:20:09 ossec-agentd(1216): ERROR: Unable to connect to
'192.168.yyy.zzz'.
2022/06/17 03:27:31 ossec-agentd: INFO:
Trying to connect to server 192.168.yyy.zzz, port 1514.
2022/06/17
03:27:31 ossec-agentd(1216): ERROR: Unable to connect to
'192.168.yyy.zzz'.
2022/06/17 03:35:03 ossec-agentd: INFO:
Trying to connect to server 192.168.yyy.zzz, port 1514.
2022/06/17
03:35:03 ossec-agentd(1216): ERROR: Unable to connect to
'192.168.yyy.zzz'.
2022/06/17 03:42:45 ossec-agentd: INFO:
Trying to connect to server 192.168.yyy.zzz, port 1514.
2022/06/17
03:42:45 ossec-agentd(1216): ERROR: Unable to connect to
'192.168.yyy.zzz'.
2022/06/17 03:50:37 ossec-agentd: INFO:
Trying to connect to server 192.168.yyy.zzz, port 1514.
2022/06/17
03:50:37 ossec-agentd(1216): ERROR: Unable to connect to
'192.168.yyy.zzz'.
2022/06/17 03:58:39 ossec-agentd: INFO:
Trying to connect to server 192.168.yyy.zzz, port 1514.
2022/06/17
03:58:39 ossec-agentd(1216): ERROR: Unable to connect to
'192.168.yyy.zzz'.
2022/06/17 04:06:51 ossec-agentd: INFO:
Trying to connect to server 192.168.yyy.zzz, port 1514.
2022/06/17
04:06:51 ossec-agentd(1216): ERROR: Unable to connect to
'192.168.yyy.zzz'.
2022/06/17 04:15:13 ossec-agentd: INFO:
Trying to connect to server 192.168.yyy.zzz, port 1514.
2022/06/17
04:15:13 ossec-agentd(1216): ERROR: Unable to connect to
'192.168.yyy.zzz'.
2022/06/17 04:23:45 ossec-agentd: INFO:
Trying to connect to server 192.168.yyy.zzz, port 1514.
2022/06/17
04:23:45 ossec-agentd(1216): ERROR: Unable to connect to
'192.168.yyy.zzz'.
2022/06/17 04:32:27 ossec-agentd: INFO:
Trying to connect to server 192.168.yyy.zzz, port 1514.
2022/06/17
04:32:27 ossec-agentd(1216): ERROR: Unable to connect to
'192.168.yyy.zzz'.
2022/06/17 04:41:19 ossec-agentd: INFO:
Trying to connect to server 192.168.yyy.zzz, port 1514.
2022/06/17
04:41:19 ossec-agentd(1216): ERROR: Unable to connect to
'192.168.yyy.zzz'.
2022/06/17 04:50:21 ossec-agentd: INFO:
Trying to connect to server 192.168.yyy.zzz, port 1514.
2022/06/17
04:50:21 ossec-agentd(1216): ERROR: Unable to connect to
'192.168.yyy.zzz'.
2022/06/17 04:59:33 ossec-agentd: INFO:
Trying to connect to server 192.168.yyy.zzz, port 1514.
2022/06/17
04:59:33 ossec-agentd(1216): ERROR: Unable to connect to
'192.168.yyy.zzz'.
2022/06/17 05:08:55 ossec-agentd: INFO:
Trying to connect to server 192.168.yyy.zzz, port 1514.
2022/06/17
05:08:55 ossec-agentd(1216): ERROR: Unable to connect to
'192.168.yyy.zzz'.
2022/06/17 05:18:27 ossec-agentd: INFO:
Trying to connect to server 192.168.yyy.zzz, port 1514.
2022/06/17
05:18:27 ossec-agentd(1216): ERROR: Unable to connect to
'192.168.yyy.zzz'.
2022/06/17 05:28:09 ossec-agentd: INFO:
Trying to connect to server 192.168.yyy.zzz, port 1514.
2022/06/17
05:28:09 ossec-agentd(1216): ERROR: Unable to connect to
'192.168.yyy.zzz'.
2022/06/17 05:38:01 ossec-agentd: INFO:
Trying to connect to server 192.168.yyy.zzz, port 1514.
2022/06/17
05:38:01 ossec-agentd(1216): ERROR: Unable to connect to
'192.168.yyy.zzz'.
2022/06/17 05:48:03 ossec-agentd: INFO:
Trying to connect to server 192.168.yyy.zzz, port 1514.
2022/06/17
05:48:03 ossec-agentd(1216): ERROR: Unable to connect to
'192.168.yyy.zzz'.
2022/06/17 05:58:15 ossec-agentd: INFO:
Trying to connect to server 192.168.yyy.zzz, port 1514.
2022/06/17
05:58:15 ossec-agentd(1216): ERROR: Unable to connect to
'192.168.yyy.zzz'.
2022/06/17 06:08:37 ossec-agentd: INFO:
Trying to connect to server 192.168.yyy.zzz, port 1514.
2022/06/17
06:08:37 ossec-agentd(1216): ERROR: Unable to connect to
'192.168.yyy.zzz'.
2022/06/17 06:19:09 ossec-agentd: INFO:
Trying to connect to server 192.168.yyy.zzz, port 1514.
2022/06/17
06:19:09 ossec-agentd(1216): ERROR: Unable to connect to
'192.168.yyy.zzz'.
2022/06/17 06:29:51 ossec-agentd: INFO:
Trying to connect to server 192.168.yyy.zzz, port 1514.
2022/06/17
06:29:51 ossec-agentd(1216): ERROR: Unable to connect to
'192.168.yyy.zzz'.
2022/06/17 06:40:43 ossec-agentd: INFO:
Trying to connect to server 192.168.yyy.zzz, port 1514.
2022/06/17
06:40:43 ossec-agentd(1216): ERROR: Unable to connect to
'192.168.yyy.zzz'.
2022/06/17 06:51:45 ossec-agentd: INFO:
Trying to connect to server 192.168.yyy.zzz, port 1514.
2022/06/17
06:51:45 ossec-agentd(1216): ERROR: Unable to connect to
'192.168.yyy.zzz'.
2022/06/17 07:02:57 ossec-agentd: INFO:
Trying to connect to server 192.168.yyy.zzz, port 1514.
2022/06/17
07:02:57 ossec-agentd(1216): ERROR: Unable to connect to
'192.168.yyy.zzz'.
2022/06/17 07:14:19 ossec-agentd: INFO:
Trying to connect to server 192.168.yyy.zzz, port 1514.
2022/06/17
07:14:19 ossec-agentd(1216): ERROR: Unable to connect to
'192.168.yyy.zzz'.
2022/06/17 07:25:51 ossec-agentd: INFO:
Trying to connect to server 192.168.yyy.zzz, port 1514.
2022/06/17
07:25:51 ossec-agentd(1216): ERROR: Unable to connect to
'192.168.yyy.zzz'.
2022/06/17 07:39:33 ossec-agentd: INFO:
Trying to connect to server 192.168.yyy.zzz, port 1514.
2022/06/17
07:39:33 INFO: Connected to 192.168.yyy.zzz at address
192.168.yyy.zzz:1514, port 1514
2022/06/17 07:39:54
ossec-agentd(4101): WARN: Waiting for server reply (not started).
Tried: '192.168.yyy.zzz'.
2022/06/17 08:43:53
ossec-agentd: INFO: Trying to connect to server 192.168.yyy.zzz, port
1514.
2022/06/17 08:43:53 INFO: Connected to
192.168.yyy.zzz at address 192.168.yyy.zzz:1514, port
1514
2022/06/17 08:44:14 ossec-agentd(4101): WARN: Waiting
for server reply (not started). Tried: '192.168.yyy.zzz'.
2022/06/17
09:04:22 ossec-agentd: INFO: Trying to connect to server
192.168.yyy.zzz, port 1514.
2022/06/17 09:04:22 INFO:
Connected to 192.168.yyy.zzz at address 192.168.yyy.zzz:1514, port
1514
2022/06/17 09:09:19 ossec-agentd(1218): ERROR: Unable
to send message to 'server'.
2022/06/17 09:19:00
ossec-agentd(4101): WARN: Waiting for server reply (not started).
Tried: '192.168.yyy.zzz'.
2022/06/17 09:39:26
ossec-agentd: INFO: Trying to connect to server 192.168.yyy.zzz, port
1514.
2022/06/17 09:39:26 INFO: Connected to
192.168.yyy.zzz at address 192.168.yyy.zzz:1514, port
1514
2022/06/17 09:39:47 ossec-agentd(4101): WARN: Waiting
for server reply (not started). Tried: '192.168.yyy.zzz'.
2022/06/17
10:00:31 ossec-agentd: INFO: Trying to connect to server
192.168.yyy.zzz, port 1514.
2022/06/17 10:00:31 INFO:
Connected to 192.168.yyy.zzz at address 192.168.yyy.zzz:1514, port
1514
2022/06/17 10:00:52 ossec-agentd(4101): WARN: Waiting
for server reply (not started). Tried: '192.168.yyy.zzz'.
2022/06/17
10:27:42 ossec-agentd: INFO: Trying to connect to server
192.168.yyy.zzz, port 1514.
2022/06/17 10:27:42 INFO:
Connected to 192.168.yyy.zzz at address 192.168.yyy.zzz:1514, port
1514
2022/06/17 10:28:03 ossec-agentd(4101): WARN: Waiting
for server reply (not started). Tried: '192.168.yyy.zzz'.
2022/06/17
11:23:14 ossec-agentd: INFO: Trying to connect to server
192.168.yyy.zzz, port 1514.
2022/06/17 11:23:14 INFO:
Connected to 192.168.yyy.zzz at address 192.168.yyy.zzz:1514, port
1514
2022/06/17 11:23:35 ossec-agentd(4101): WARN: Waiting
for server reply (not started). Tried: '192.168.yyy.zzz'.
2022/06/17
11:45:13 ossec-agentd: INFO: Trying to connect to server
192.168.yyy.zzz, port 1514.
2022/06/17 11:45:13 INFO:
Connected to 192.168.yyy.zzz at address 192.168.yyy.zzz:1514, port
1514
2022/06/17 11:45:34 ossec-agentd(4101): WARN: Waiting
for server reply (not started). Tried: '192.168.yyy.zzz'.
2022/06/17
12:07:30 ossec-agentd: INFO: Trying to connect to server
192.168.yyy.zzz, port 1514.
2022/06/17 12:07:30 INFO:
Connected to 192.168.yyy.zzz at address 192.168.yyy.zzz:1514, port
1514
2022/06/17 12:07:51 ossec-agentd(4101): WARN: Waiting
for server reply (not started). Tried: '192.168.yyy.zzz'.
2022/06/17
12:30:05 ossec-agentd: INFO: Trying to connect to server
192.168.yyy.zzz, port 1514.
2022/06/17 12:30:05 INFO:
Connected to 192.168.yyy.zzz at address 192.168.yyy.zzz:1514, port
1514
2022/06/17 12:30:26 ossec-agentd(4101): WARN: Waiting
for server reply (not started). Tried: '192.168.yyy.zzz'.
2022/06/17
15:20:15 ossec-agentd: INFO: Trying to connect to server
192.168.yyy.zzz, port 1514.
2022/06/17 15:20:15 INFO:
Connected to 192.168.yyy.zzz at address 192.168.yyy.zzz:1514, port
1514
2022/06/17 15:20:36 ossec-agentd(4101): WARN: Waiting
for server reply (not started). Tried: '192.168.yyy.zzz'.
2022/06/17
15:43:26 ossec-agentd: INFO: Trying to connect to server
192.168.yyy.zzz, port 1514.
2022/06/17 15:43:26 INFO:
Connected to 192.168.yyy.zzz at address 192.168.yyy.zzz:1514, port
1514
2022/06/17 15:43:47 ossec-agentd(4101): WARN: Waiting
for server reply (not started). Tried: '192.168.yyy.zzz'.
2022/06/17
16:06:55 ossec-agentd: INFO: Trying to connect to server
192.168.yyy.zzz, port 1514.
2022/06/17 16:06:55 INFO:
Connected to 192.168.yyy.zzz at address 192.168.yyy.zzz:1514, port
1514
2022/06/17 16:07:16 ossec-agentd(4101): WARN: Waiting
for server reply (not started). Tried: '192.168.yyy.zzz'.
2022/06/17
16:30:42 ossec-agentd: INFO: Trying to connect to server
192.168.yyy.zzz, port 1514.
2022/06/17 16:30:42 INFO:
Connected to 192.168.yyy.zzz at address 192.168.yyy.zzz:1514, port
1514
2022/06/17 16:31:03 ossec-agentd(4101): WARN: Waiting
for server reply (not started). Tried: '192.168.yyy.zzz'.
2022/06/17
17:33:40 ossec-agentd: INFO: Trying to connect to server
192.168.yyy.zzz, port 1514.
2022/06/17 17:33:40 INFO:
Connected to 192.168.yyy.zzz at address 192.168.yyy.zzz:1514, port
1514
2022/06/17 17:34:01 ossec-agentd(4101): WARN: Waiting
for server reply (not started). Tried: '192.168.yyy.zzz'.
2022/06/17
17:58:03 ossec-agentd: INFO: Trying to connect to server
192.168.yyy.zzz, port 1514.
2022/06/17 17:58:03 INFO:
Connected to 192.168.yyy.zzz at address 192.168.yyy.zzz:1514, port
1514
2022/06/17 17:58:24 ossec-agentd(4101): WARN: Waiting
for server reply (not started). Tried: '192.168.yyy.zzz'.
2022/06/17
19:32:27 ossec-agentd: INFO: Trying to connect to server
192.168.yyy.zzz, port 1514.
2022/06/17 19:32:27 INFO:
Connected to 192.168.yyy.zzz at address 192.168.yyy.zzz:1514, port
1514
2022/06/17 19:32:48 ossec-agentd(4101): WARN: Waiting
for server reply (not started). Tried: '192.168.yyy.zzz'.
2022/06/17
20:06:59 ossec-agentd: INFO: Trying to connect to server
192.168.yyy.zzz, port 1514.
2022/06/17 20:06:59 INFO:
Connected to 192.168.yyy.zzz at address 192.168.yyy.zzz:1514, port
1514
2022/06/17 20:07:20 ossec-agentd(4101): WARN: Waiting
for server reply (not started). Tried: '192.168.yyy.zzz'.
2022/06/17
20:32:16 ossec-agentd: INFO: Trying to connect to server
192.168.yyy.zzz, port 1514.
2022/06/17 20:32:16 INFO:
Connected to 192.168.yyy.zzz at address 192.168.yyy.zzz:1514, port
1514
2022/06/17 20:32:37 ossec-agentd(4101): WARN: Waiting
for server reply (not started). Tried: '192.168.yyy.zzz'.
2022/06/17
20:57:51 ossec-agentd: INFO: Trying to connect to server
192.168.yyy.zzz, port 1514.
2022/06/17 20:57:51 INFO:
Connected to 192.168.yyy.zzz at address 192.168.yyy.zzz:1514, port
1514
2022/06/17 20:58:12 ossec-agentd(4101): WARN: Waiting
for server reply (not started). Tried: '192.168.yyy.zzz'.
2022/06/17
21:23:44 ossec-agentd: INFO: Trying to connect to server
192.168.yyy.zzz, port 1514.
2022/06/17 21:23:44 INFO:
Connected to 192.168.yyy.zzz at address 192.168.yyy.zzz:1514, port
1514
2022/06/17 21:24:05 ossec-agentd(4101): WARN: Waiting
for server reply (not started). Tried: '192.168.yyy.zzz'.
2022/06/17
21:49:55 ossec-agentd: INFO: Trying to connect to server
192.168.yyy.zzz, port 1514.
2022/06/17 21:49:55 INFO:
Connected to 192.168.yyy.zzz at address 192.168.yyy.zzz:1514, port
1514
2022/06/17 21:50:16 ossec-agentd(4101): WARN: Waiting
for server reply (not started). Tried: '192.168.yyy.zzz'.
2022/06/17
22:16:24 ossec-agentd: INFO: Trying to connect to server
192.168.yyy.zzz, port 1514.
2022/06/17 22:16:24 INFO:
Connected to 192.168.yyy.zzz at address 192.168.yyy.zzz:1514, port
1514
2022/06/17 22:16:45 ossec-agentd(4101): WARN: Waiting
for server reply (not started). Tried: '192.168.yyy.zzz'.
2022/06/18
06:01:50 ossec-agentd: INFO: Trying to connect to server
192.168.yyy.zzz, port 1514.
2022/06/18 06:01:50 INFO:
Connected to 192.168.yyy.zzz at address 192.168.yyy.zzz:1514, port
1514
2022/06/18 06:02:11 ossec-agentd(4101): WARN: Waiting
for server reply (not started). Tried: '192.168.yyy.zzz'.
2022/06/18
06:28:55 ossec-agentd: INFO: Trying to connect to server
192.168.yyy.zzz, port 1514.
2022/06/18 06:28:55 INFO:
Connected to 192.168.yyy.zzz at address 192.168.yyy.zzz:1514, port
1514
2022/06/18 06:29:16 ossec-agentd(4101): WARN: Waiting
for server reply (not started). Tried: '192.168.yyy.zzz'.
2022/06/18
06:56:18 ossec-agentd: INFO: Trying to connect to server
192.168.yyy.zzz, port 1514.
2022/06/18 06:56:18 INFO:
Connected to 192.168.yyy.zzz at address 192.168.yyy.zzz:1514, port
1514
2022/06/18 06:57:07 ossec-agentd(1218): ERROR: Unable
to send message to 'server'.
2022/06/18 07:03:03
ossec-agentd(4101): WARN: Waiting for server reply (not started).
Tried: '192.168.yyy.zzz'.
2022/06/18 07:30:23
ossec-agentd: INFO: Trying to connect to server 192.168.yyy.zzz, port
1514.
2022/06/18 07:30:23 INFO: Connected to
192.168.yyy.zzz at address 192.168.yyy.zzz:1514, port
1514
2022/06/18 07:30:44 ossec-agentd(4101): WARN: Waiting
for server reply (not started). Tried: '192.168.yyy.zzz'.
2022/06/18
08:50:30 ossec-agentd: INFO: Trying to connect to server
192.168.yyy.zzz, port 1514.
2022/06/18 08:50:30 INFO:
Connected to 192.168.yyy.zzz at address 192.168.yyy.zzz:1514, port
1514
2022/06/18 08:50:51 ossec-agentd(4101): WARN: Waiting
for server reply (not started). Tried: '192.168.yyy.zzz'.
2022/06/18
09:39:03 ossec-agentd: INFO: Trying to connect to server
192.168.yyy.zzz, port 1514.
2022/06/18 09:39:03 INFO:
Connected to 192.168.yyy.zzz at address 192.168.yyy.zzz:1514, port
1514
2022/06/18 09:39:24 ossec-agentd(4101): WARN: Waiting
for server reply (not started). Tried: '192.168.yyy.zzz'.
2022/06/18
10:09:54 ossec-agentd: INFO: Trying to connect to server
192.168.yyy.zzz, port 1514.
2022/06/18 10:09:54 INFO:
Connected to 192.168.yyy.zzz at address 192.168.yyy.zzz:1514, port
1514
2022/06/18 10:09:54 ossec-agentd(1218): ERROR: Unable
to send message to 'server'.
2022/06/18 10:10:01
ossec-agentd(1218): ERROR: Unable to send message to
'server'.
2022/06/18 10:10:06 ossec-agentd(1218): ERROR:
Unable to send message to 'server'.
2022/06/18 10:10:12
ossec-agentd(1218): ERROR: Unable to send message to
'server'.
2022/06/18 10:10:19 ossec-agentd(1218): ERROR:
Unable to send message to 'server'.
2022/06/18 10:10:20
ossec-agentd(4101): WARN: Waiting for server reply (not started).
Tried: '192.168.yyy.zzz'.
2022/06/18 10:38:52
ossec-agentd: INFO: Trying to connect to server 192.168.yyy.zzz, port
1514.
2022/06/18 10:38:52 INFO: Connected to
192.168.yyy.zzz at address 192.168.yyy.zzz:1514, port
1514
2022/06/18 10:38:52 ossec-agentd(1218): ERROR: Unable
to send message to 'server'.
2022/06/18 10:38:59
ossec-agentd(1218): ERROR: Unable to send message to
'server'.
2022/06/18 10:39:04 ossec-agentd(1218): ERROR:
Unable to send message to 'server'.
2022/06/18 10:39:10
ossec-agentd(1218): ERROR: Unable to send message to
'server'.
2022/06/18 10:39:17 ossec-agentd(1218): ERROR:
Unable to send message to 'server'.
2022/06/18 10:39:18
ossec-agentd(4101): WARN: Waiting for server reply (not started).
Tried: '192.168.yyy.zzz'.
2022/06/18 11:08:08
ossec-agentd: INFO: Trying to connect to server 192.168.yyy.zzz, port
1514.
2022/06/18 11:08:08 ossec-agentd(1216): ERROR:
Unable to connect to '192.168.yyy.zzz'.
2022/06/18
11:08:20 ossec-agentd: INFO: Trying to connect to server
192.168.yyy.zzz, port 1514.
2022/06/18 11:08:20
ossec-agentd(1216): ERROR: Unable to connect to
'192.168.yyy.zzz'.
2022/06/18 11:08:42 ossec-agentd: INFO:
Trying to connect to server 192.168.yyy.zzz, port 1514.
2022/06/18
11:08:42 ossec-agentd(1216): ERROR: Unable to connect to
'192.168.yyy.zzz'.
2022/06/18 11:09:14 ossec-agentd: INFO:
Trying to connect to server 192.168.yyy.zzz, port 1514.
2022/06/18
11:09:14 ossec-agentd(1216): ERROR: Unable to connect to
'192.168.yyy.zzz'.
2022/06/18 11:09:56 ossec-agentd: INFO:
Trying to connect to server 192.168.yyy.zzz, port 1514.
2022/06/18
11:09:56 ossec-agentd(1216): ERROR: Unable to connect to
'192.168.yyy.zzz'.
2022/06/18 11:10:48 ossec-agentd: INFO:
Trying to connect to server 192.168.yyy.zzz, port 1514.
2022/06/18
11:10:48 ossec-agentd(1216): ERROR: Unable to connect to
'192.168.yyy.zzz'.
2022/06/18 11:11:50 ossec-agentd: INFO:
Trying to connect to server 192.168.yyy.zzz, port 1514.
2022/06/18
11:11:50 ossec-agentd(1216): ERROR: Unable to connect to
'192.168.yyy.zzz'.
2022/06/18 11:13:02 ossec-agentd: INFO:
Trying to connect to server 192.168.yyy.zzz, port 1514.
2022/06/18
11:13:02 ossec-agentd(1216): ERROR: Unable to connect to
'192.168.yyy.zzz'.
2022/06/18 11:14:24 ossec-agentd: INFO:
Trying to connect to server 192.168.yyy.zzz, port 1514.
2022/06/18
11:14:24 ossec-agentd(1216): ERROR: Unable to connect to
'192.168.yyy.zzz'.
2022/06/18 11:15:56 ossec-agentd: INFO:
Trying to connect to server 192.168.yyy.zzz, port 1514.
2022/06/18
11:15:56 ossec-agentd(1216): ERROR: Unable to connect to
'192.168.yyy.zzz'.
2022/06/18 11:17:38 ossec-agentd: INFO:
Trying to connect to server 192.168.yyy.zzz, port 1514.
2022/06/18
11:17:38 ossec-agentd(1216): ERROR: Unable to connect to
'192.168.yyy.zzz'.
2022/06/18 11:19:30 ossec-agentd: INFO:
Trying to connect to server 192.168.yyy.zzz, port 1514.
2022/06/18
11:19:30 ossec-agentd(1216): ERROR: Unable to connect to
'192.168.yyy.zzz'.
2022/06/18 11:21:32 ossec-agentd: INFO:
Trying to connect to server 192.168.yyy.zzz, port 1514.
2022/06/18
11:21:32 ossec-agentd(1216): ERROR: Unable to connect to
'192.168.yyy.zzz'.
2022/06/18 11:23:44 ossec-agentd: INFO:
Trying to connect to server 192.168.yyy.zzz, port 1514.
2022/06/18
11:23:44 ossec-agentd(1216): ERROR: Unable to connect to
'192.168.yyy.zzz'.
2022/06/18 11:26:06 ossec-agentd: INFO:
Trying to connect to server 192.168.yyy.zzz, port 1514.
2022/06/18
11:26:06 ossec-agentd(1216): ERROR: Unable to connect to
'192.168.yyy.zzz'.
2022/06/18 11:28:38 ossec-agentd: INFO:
Trying to connect to server 192.168.yyy.zzz, port 1514.
2022/06/18
11:28:38 ossec-agentd(1216): ERROR: Unable to connect to
'192.168.yyy.zzz'.
2022/06/18 11:31:20 ossec-agentd: INFO:
Trying to connect to server 192.168.yyy.zzz, port 1514.
2022/06/18
11:31:20 ossec-agentd(1216): ERROR: Unable to connect to
'192.168.yyy.zzz'.
2022/06/18 11:34:12 ossec-agentd: INFO:
Trying to connect to server 192.168.yyy.zzz, port 1514.
2022/06/18
11:34:12 ossec-agentd(1216): ERROR: Unable to connect to
'192.168.yyy.zzz'.
2022/06/18 11:37:14 ossec-agentd: INFO:
Trying to connect to server 192.168.yyy.zzz, port 1514.
2022/06/18
11:37:14 ossec-agentd(1216): ERROR: Unable to connect to
'192.168.yyy.zzz'.
2022/06/18 11:40:26 ossec-agentd: INFO:
Trying to connect to server 192.168.yyy.zzz, port 1514.
2022/06/18
11:40:26 ossec-agentd(1216): ERROR: Unable to connect to
'192.168.yyy.zzz'.
2022/06/18 11:43:48 ossec-agentd: INFO:
Trying to connect to server 192.168.yyy.zzz, port 1514.
2022/06/18
11:43:48 ossec-agentd(1216): ERROR: Unable to connect to
'192.168.yyy.zzz'.
2022/06/18 11:47:20 ossec-agentd: INFO:
Trying to connect to server 192.168.yyy.zzz, port 1514.
2022/06/18
11:47:20 ossec-agentd(1216): ERROR: Unable to connect to
'192.168.yyy.zzz'.
2022/06/18 11:51:02 ossec-agentd: INFO:
Trying to connect to server 192.168.yyy.zzz, port 1514.
2022/06/18
11:51:02 ossec-agentd(1216): ERROR: Unable to connect to
'192.168.yyy.zzz'.
2022/06/18 11:54:54 ossec-agentd: INFO:
Trying to connect to server 192.168.yyy.zzz, port 1514.
2022/06/18
11:54:54 ossec-agentd(1216): ERROR: Unable to connect to
'192.168.yyy.zzz'.
2022/06/18 11:58:56 ossec-agentd: INFO:
Trying to connect to server 192.168.yyy.zzz, port 1514.
2022/06/18
11:58:56 ossec-agentd(1216): ERROR: Unable to connect to
'192.168.yyy.zzz'.
2022/06/18 12:03:08 ossec-agentd: INFO:
Trying to connect to server 192.168.yyy.zzz, port 1514.
2022/06/18
12:03:08 ossec-agentd(1216): ERROR: Unable to connect to
'192.168.yyy.zzz'.
2022/06/18 12:07:30 ossec-agentd: INFO:
Trying to connect to server 192.168.yyy.zzz, port 1514.
2022/06/18
12:07:30 ossec-agentd(1216): ERROR: Unable to connect to
'192.168.yyy.zzz'.
2022/06/18 12:12:02 ossec-agentd: INFO:
Trying to connect to server 192.168.yyy.zzz, port 1514.
2022/06/18
12:12:02 ossec-agentd(1216): ERROR: Unable to connect to
'192.168.yyy.zzz'.
2022/06/18 12:16:44 ossec-agentd: INFO:
Trying to connect to server 192.168.yyy.zzz, port 1514.
2022/06/18
12:16:44 ossec-agentd(1216): ERROR: Unable to connect to
'192.168.yyy.zzz'.
2022/06/18 12:21:36 ossec-agentd: INFO:
Trying to connect to server 192.168.yyy.zzz, port 1514.
2022/06/18
12:21:36 ossec-agentd(1216): ERROR: Unable to connect to
'192.168.yyy.zzz'.
2022/06/18 12:26:38 ossec-agentd: INFO:
Trying to connect to server 192.168.yyy.zzz, port 1514.
2022/06/18
12:26:38 ossec-agentd(1216): ERROR: Unable to connect to
'192.168.yyy.zzz'.
2022/06/18 12:31:50 ossec-agentd: INFO:
Trying to connect to server 192.168.yyy.zzz, port 1514.
2022/06/18
12:31:50 ossec-agentd(1216): ERROR: Unable to connect to
'192.168.yyy.zzz'.
2022/06/18 12:37:12 ossec-agentd: INFO:
Trying to connect to server 192.168.yyy.zzz, port 1514.
2022/06/18
12:37:12 ossec-agentd(1216): ERROR: Unable to connect to
'192.168.yyy.zzz'.
2022/06/18 12:42:44 ossec-agentd: INFO:
Trying to connect to server 192.168.yyy.zzz, port 1514.
2022/06/18
12:42:44 ossec-agentd(1216): ERROR: Unable to connect to
'192.168.yyy.zzz'.
2022/06/18 12:48:26 ossec-agentd: INFO:
Trying to connect to server 192.168.yyy.zzz, port 1514.
2022/06/18
12:48:26 ossec-agentd(1216): ERROR: Unable to connect to
'192.168.yyy.zzz'.
2022/06/18 12:54:18 ossec-agentd: INFO:
Trying to connect to server 192.168.yyy.zzz, port 1514.
2022/06/18
12:54:18 ossec-agentd(1216): ERROR: Unable to connect to
'192.168.yyy.zzz'.
2022/06/18 13:00:20 ossec-agentd: INFO:
Trying to connect to server 192.168.yyy.zzz, port 1514.
2022/06/18
13:00:20 ossec-agentd(1216): ERROR: Unable to connect to
'192.168.yyy.zzz'.
2022/06/18 13:06:32 ossec-agentd: INFO:
Trying to connect to server 192.168.yyy.zzz, port 1514.
2022/06/18
13:06:32 ossec-agentd(1216): ERROR: Unable to connect to
'192.168.yyy.zzz'.
2022/06/18 13:12:54 ossec-agentd: INFO:
Trying to connect to server 192.168.yyy.zzz, port 1514.
2022/06/18
13:12:54 ossec-agentd(1216): ERROR: Unable to connect to
'192.168.yyy.zzz'.
2022/06/18 13:19:26 ossec-agentd: INFO:
Trying to connect to server 192.168.yyy.zzz, port 1514.
2022/06/18
13:19:26 ossec-agentd(1216): ERROR: Unable to connect to
'192.168.yyy.zzz'.
2022/06/18 13:26:08 ossec-agentd: INFO:
Trying to connect to server 192.168.yyy.zzz, port 1514.
2022/06/18
13:26:08 ossec-agentd(1216): ERROR: Unable to connect to
'192.168.yyy.zzz'.
2022/06/18 13:33:00 ossec-agentd: INFO:
Trying to connect to server 192.168.yyy.zzz, port 1514.
2022/06/18
13:33:00 ossec-agentd(1216): ERROR: Unable to connect to
'192.168.yyy.zzz'.
2022/06/18 13:40:02 ossec-agentd: INFO:
Trying to connect to server 192.168.yyy.zzz, port 1514.
2022/06/18
13:40:02 ossec-agentd(1216): ERROR: Unable to connect to
'192.168.yyy.zzz'.
2022/06/18 13:47:14 ossec-agentd: INFO:
Trying to connect to server 192.168.yyy.zzz, port 1514.
2022/06/18
13:47:14 ossec-agentd(1216): ERROR: Unable to connect to
'192.168.yyy.zzz'.
2022/06/18 13:54:36 ossec-agentd: INFO:
Trying to connect to server 192.168.yyy.zzz, port 1514.
2022/06/18
13:54:36 ossec-agentd(1216): ERROR: Unable to connect to
'192.168.yyy.zzz'.
2022/06/18 14:02:08 ossec-agentd: INFO:
Trying to connect to server 192.168.yyy.zzz, port 1514.
2022/06/18
14:02:08 ossec-agentd(1216): ERROR: Unable to connect to
'192.168.yyy.zzz'.
2022/06/18 14:09:51 ossec-agentd: INFO:
Trying to connect to server 192.168.yyy.zzz, port 1514.
2022/06/18
14:09:51 ossec-agentd(1216): ERROR: Unable to connect to
'192.168.yyy.zzz'.
2022/06/18 14:17:43 ossec-agentd: INFO:
Trying to connect to server 192.168.yyy.zzz, port 1514.
2022/06/18
14:17:43 ossec-agentd(1216): ERROR: Unable to connect to
'192.168.yyy.zzz'.
2022/06/18 14:25:45 ossec-agentd: INFO:
Trying to connect to server 192.168.yyy.zzz, port 1514.
2022/06/18
14:25:45 ossec-agentd(1216): ERROR: Unable to connect to
'192.168.yyy.zzz'.
2022/06/18 14:33:57 ossec-agentd: INFO:
Trying to connect to server 192.168.yyy.zzz, port 1514.
2022/06/18
14:33:57 ossec-agentd(1216): ERROR: Unable to connect to
'192.168.yyy.zzz'.
2022/06/18 14:42:19 ossec-agentd: INFO:
Trying to connect to server 192.168.yyy.zzz, port 1514.
2022/06/18
14:42:19 ossec-agentd(1216): ERROR: Unable to connect to
'192.168.yyy.zzz'.
2022/06/18 14:50:51 ossec-agentd: INFO:
Trying to connect to server 192.168.yyy.zzz, port 1514.
2022/06/18
14:50:51 ossec-agentd(1216): ERROR: Unable to connect to
'192.168.yyy.zzz'.
2022/06/18 14:59:33 ossec-agentd: INFO:
Trying to connect to server 192.168.yyy.zzz, port 1514.
2022/06/18
14:59:33 ossec-agentd(1216): ERROR: Unable to connect to
'192.168.yyy.zzz'.
2022/06/18 15:08:25 ossec-agentd: INFO:
Trying to connect to server 192.168.yyy.zzz, port 1514.
2022/06/18
15:08:25 ossec-agentd(1216): ERROR: Unable to connect to
'192.168.yyy.zzz'.
2022/06/18 15:17:27 ossec-agentd: INFO:
Trying to connect to server 192.168.yyy.zzz, port 1514.
2022/06/18
15:17:27 ossec-agentd(1216): ERROR: Unable to connect to
'192.168.yyy.zzz'.
2022/06/18 15:26:39 ossec-agentd: INFO:
Trying to connect to server 192.168.yyy.zzz, port 1514.
2022/06/18
15:26:39 ossec-agentd(1216): ERROR: Unable to connect to
'192.168.yyy.zzz'.
2022/06/18 15:36:01 ossec-agentd: INFO:
Trying to connect to server 192.168.yyy.zzz, port 1514.
2022/06/18
15:36:01 ossec-agentd(1216): ERROR: Unable to connect to
'192.168.yyy.zzz'.
2022/06/18 15:45:33 ossec-agentd: INFO:
Trying to connect to server 192.168.yyy.zzz, port 1514.
2022/06/18
15:45:33 ossec-agentd(1216): ERROR: Unable to connect to
'192.168.yyy.zzz'.
2022/06/18 15:55:15 ossec-agentd: INFO:
Trying to connect to server 192.168.yyy.zzz, port 1514.
2022/06/18
15:55:15 INFO: Connected to 192.168.yyy.zzz at address
192.168.yyy.zzz:1514, port 1514
2022/06/18 15:55:36
ossec-agentd(4101): WARN: Waiting for server reply (not started).
Tried: '192.168.yyy.zzz'.
2022/06/18 16:24:43
ossec-agentd: INFO: Trying to connect to server 192.168.yyy.zzz, port
1514.
2022/06/18 16:24:43 INFO: Connected to
192.168.yyy.zzz at address 192.168.yyy.zzz:1514, port
1514
2022/06/18 16:25:04 ossec-agentd(4101): WARN: Waiting
for server reply (not started). Tried: '192.168.yyy.zzz'.
2022/06/18
16:54:30 ossec-agentd: INFO: Trying to connect to server
192.168.yyy.zzz, port 1514.
2022/06/18 16:54:30 INFO:
Connected to 192.168.yyy.zzz at address 192.168.yyy.zzz:1514, port
1514
2022/06/18 16:54:51 ossec-agentd(4101): WARN: Waiting
for server reply (not started). Tried: '192.168.yyy.zzz'.
2022/06/18
17:24:35 ossec-agentd: INFO: Trying to connect to server
192.168.yyy.zzz, port 1514.
2022/06/18 17:24:35 INFO:
Connected to 192.168.yyy.zzz at address 192.168.yyy.zzz:1514, port
1514
2022/06/18 17:24:56 ossec-agentd(4101): WARN: Waiting
for server reply (not started). Tried: '192.168.yyy.zzz'.
2022/06/18
17:56:19 ossec-agentd: INFO: Trying to connect to server
192.168.yyy.zzz, port 1514.
2022/06/18 17:56:19 INFO:
Connected to 192.168.yyy.zzz at address 192.168.yyy.zzz:1514, port
1514
2022/06/18 17:56:40 ossec-agentd(4101): WARN: Waiting
for server reply (not started). Tried: '192.168.yyy.zzz'.
2022/06/18
19:09:26 ossec-agentd: INFO: Trying to connect to server
192.168.yyy.zzz, port 1514.
2022/06/18 19:09:26 INFO:
Connected to 192.168.yyy.zzz at address 192.168.yyy.zzz:1514, port
1514
2022/06/18 19:09:47 ossec-agentd(4101): WARN: Waiting
for server reply (not started). Tried: '192.168.yyy.zzz'.
2022/06/18
20:02:09 ossec-agentd: INFO: Trying to connect to server
192.168.yyy.zzz, port 1514.
2022/06/18 20:02:09 INFO:
Connected to 192.168.yyy.zzz at address 192.168.yyy.zzz:1514, port
1514
2022/06/18 20:02:30 ossec-agentd(4101): WARN: Waiting
for server reply (not started). Tried: '192.168.yyy.zzz'.
2022/06/18
20:33:26 ossec-agentd: INFO: Trying to connect to server
192.168.yyy.zzz, port 1514.
2022/06/18 20:33:26 INFO:
Connected to 192.168.yyy.zzz at address 192.168.yyy.zzz:1514, port
1514
2022/06/18 20:33:48 ossec-agentd(4101): WARN: Waiting
for server reply (not started). Tried: '192.168.yyy.zzz'.
2022/06/18
22:18:59 ossec-agentd: INFO: Trying to connect to server
192.168.yyy.zzz, port 1514.
2022/06/18 22:18:59 INFO:
Connected to 192.168.yyy.zzz at address 192.168.yyy.zzz:1514, port
1514
2022/06/18 22:19:20 ossec-agentd(4101): WARN: Waiting
for server reply (not started). Tried: '192.168.yyy.zzz'.
2022/06/19
06:50:34 ossec-agentd: INFO: Trying to connect to server
192.168.yyy.zzz, port 1514.
2022/06/19 06:50:34 INFO:
Connected to 192.168.yyy.zzz at address 192.168.yyy.zzz:1514, port
1514
2022/06/19 06:50:55 ossec-agentd(4101): WARN: Waiting
for server reply (not started). Tried: '192.168.yyy.zzz'.
2022/06/19
08:23:56 ossec-agentd: INFO: Trying to connect to server
192.168.yyy.zzz, port 1514.
2022/06/19 08:23:56 INFO:
Connected to 192.168.yyy.zzz at address 192.168.yyy.zzz:1514, port
1514
2022/06/19 08:24:17 ossec-agentd(4101): WARN: Waiting
for server reply (not started). Tried: '192.168.yyy.zzz'.
2022/06/19
09:22:14 ossec-agentd: INFO: Trying to connect to server
192.168.yyy.zzz, port 1514.
2022/06/19 09:22:14 INFO:
Connected to 192.168.yyy.zzz at address 192.168.yyy.zzz:1514, port
1514
2022/06/19 09:22:36 ossec-agentd(4101): WARN: Waiting
for server reply (not started). Tried: '192.168.yyy.zzz'.
2022/06/19
09:55:02 ossec-agentd: INFO: Trying to connect to server
192.168.yyy.zzz, port 1514.
2022/06/19 09:55:02 INFO:
Connected to 192.168.yyy.zzz at address 192.168.yyy.zzz:1514, port
1514
2022/06/19 09:55:23 ossec-agentd(4101): WARN: Waiting
for server reply (not started). Tried: '192.168.yyy.zzz'.
2022/06/19
10:50:30 ossec-agentd: INFO: Trying to connect to server
192.168.yyy.zzz, port 1514.
2022/06/19 10:50:30 INFO:
Connected to 192.168.yyy.zzz at address 192.168.yyy.zzz:1514, port
1514
2022/06/19 10:50:51 ossec-agentd(4101): WARN: Waiting
for server reply (not started). Tried: '192.168.yyy.zzz'.
2022/06/19
11:24:01 ossec-agentd: INFO: Trying to connect to server
192.168.yyy.zzz, port 1514.
2022/06/19 11:24:01 INFO:
Connected to 192.168.yyy.zzz at address 192.168.yyy.zzz:1514, port
1514
2022/06/19 11:24:01 ossec-agentd(1218): ERROR: Unable
to send message to 'server'.
2022/06/19 11:24:08
ossec-agentd(1218): ERROR: Unable to send message to
'server'.
2022/06/19 11:24:13 ossec-agentd(1218): ERROR:
Unable to send message to 'server'.
2022/06/19 11:24:19
ossec-agentd(1218): ERROR: Unable to send message to
'server'.
2022/06/19 11:24:26 ossec-agentd(1218): ERROR:
Unable to send message to 'server'.
2022/06/19 11:24:27
ossec-agentd(4101): WARN: Waiting for server reply (not started).
Tried: '192.168.yyy.zzz'.
2022/06/19 11:57:47
ossec-agentd: INFO: Trying to connect to server 192.168.yyy.zzz, port
1514.
2022/06/19 11:57:47 ossec-agentd(1216): ERROR:
Unable to connect to '192.168.yyy.zzz'.
2022/06/19
11:57:59 ossec-agentd: INFO: Trying to connect to server
192.168.yyy.zzz, port 1514.
2022/06/19 11:57:59
ossec-agentd(1216): ERROR: Unable to connect to
'192.168.yyy.zzz'.
2022/06/19 11:58:21 ossec-agentd: INFO:
Trying to connect to server 192.168.yyy.zzz, port 1514.
2022/06/19
11:58:21 ossec-agentd(1216): ERROR: Unable to connect to
'192.168.yyy.zzz'.
2022/06/19 11:58:53 ossec-agentd: INFO:
Trying to connect to server 192.168.yyy.zzz, port 1514.
2022/06/19
11:58:53 ossec-agentd(1216): ERROR: Unable to connect to
'192.168.yyy.zzz'.
2022/06/19 11:59:35 ossec-agentd: INFO:
Trying to connect to server 192.168.yyy.zzz, port 1514.
2022/06/19
11:59:35 ossec-agentd(1216): ERROR: Unable to connect to
'192.168.yyy.zzz'.
2022/06/19 12:00:27 ossec-agentd: INFO:
Trying to connect to server 192.168.yyy.zzz, port 1514.
2022/06/19
12:00:27 ossec-agentd(1216): ERROR: Unable to connect to
'192.168.yyy.zzz'.
2022/06/19 12:01:29 ossec-agentd: INFO:
Trying to connect to server 192.168.yyy.zzz, port 1514.
2022/06/19
12:01:29 ossec-agentd(1216): ERROR: Unable to connect to
'192.168.yyy.zzz'.
2022/06/19 12:02:41 ossec-agentd: INFO:
Trying to connect to server 192.168.yyy.zzz, port 1514.
2022/06/19
12:02:41 ossec-agentd(1216): ERROR: Unable to connect to
'192.168.yyy.zzz'.
2022/06/19 12:04:03 ossec-agentd: INFO:
Trying to connect to server 192.168.yyy.zzz, port 1514.
2022/06/19
12:04:03 ossec-agentd(1216): ERROR: Unable to connect to
'192.168.yyy.zzz'.
2022/06/19 12:05:35 ossec-agentd: INFO:
Trying to connect to server 192.168.yyy.zzz, port 1514.
2022/06/19
12:05:35 ossec-agentd(1216): ERROR: Unable to connect to
'192.168.yyy.zzz'.
2022/06/19 12:07:17 ossec-agentd: INFO:
Trying to connect to server 192.168.yyy.zzz, port 1514.
2022/06/19
12:07:17 ossec-agentd(1216): ERROR: Unable to connect to
'192.168.yyy.zzz'.
2022/06/19 12:09:09 ossec-agentd: INFO:
Trying to connect to server 192.168.yyy.zzz, port 1514.
2022/06/19
12:09:09 ossec-agentd(1216): ERROR: Unable to connect to
'192.168.yyy.zzz'.
2022/06/19 12:11:11 ossec-agentd: INFO:
Trying to connect to server 192.168.yyy.zzz, port 1514.
2022/06/19
12:11:11 ossec-agentd(1216): ERROR: Unable to connect to
'192.168.yyy.zzz'.
2022/06/19 12:13:23 ossec-agentd: INFO:
Trying to connect to server 192.168.yyy.zzz, port 1514.
2022/06/19
12:13:23 ossec-agentd(1216): ERROR: Unable to connect to
'192.168.yyy.zzz'.
2022/06/19 12:15:45 ossec-agentd: INFO:
Trying to connect to server 192.168.yyy.zzz, port 1514.
2022/06/19
12:15:45 ossec-agentd(1216): ERROR: Unable to connect to
'192.168.yyy.zzz'.
2022/06/19 12:18:17 ossec-agentd: INFO:
Trying to connect to server 192.168.yyy.zzz, port 1514.
2022/06/19
12:18:17 ossec-agentd(1216): ERROR: Unable to connect to
'192.168.yyy.zzz'.
2022/06/19 12:20:59 ossec-agentd: INFO:
Trying to connect to server 192.168.yyy.zzz, port 1514.
2022/06/19
12:20:59 ossec-agentd(1216): ERROR: Unable to connect to
'192.168.yyy.zzz'.
2022/06/19 12:23:51 ossec-agentd: INFO:
Trying to connect to server 192.168.yyy.zzz, port 1514.
2022/06/19
12:23:51 ossec-agentd(1216): ERROR: Unable to connect to
'192.168.yyy.zzz'.
2022/06/19 12:26:53 ossec-agentd: INFO:
Trying to connect to server 192.168.yyy.zzz, port 1514.
2022/06/19
12:26:53 ossec-agentd(1216): ERROR: Unable to connect to
'192.168.yyy.zzz'.
2022/06/19 12:30:05 ossec-agentd: INFO:
Trying to connect to server 192.168.yyy.zzz, port 1514.
2022/06/19
12:30:05 ossec-agentd(1216): ERROR: Unable to connect to
'192.168.yyy.zzz'.
2022/06/19 12:33:27 ossec-agentd: INFO:
Trying to connect to server 192.168.yyy.zzz, port 1514.
2022/06/19
12:33:27 ossec-agentd(1216): ERROR: Unable to connect to
'192.168.yyy.zzz'.
2022/06/19 12:36:59 ossec-agentd: INFO:
Trying to connect to server 192.168.yyy.zzz, port 1514.
2022/06/19
12:36:59 ossec-agentd(1216): ERROR: Unable to connect to
'192.168.yyy.zzz'.
2022/06/19 12:40:41 ossec-agentd: INFO:
Trying to connect to server 192.168.yyy.zzz, port 1514.
2022/06/19
12:40:41 ossec-agentd(1216): ERROR: Unable to connect to
'192.168.yyy.zzz'.
2022/06/19 12:44:33 ossec-agentd: INFO:
Trying to connect to server 192.168.yyy.zzz, port 1514.
2022/06/19
12:44:33 ossec-agentd(1216): ERROR: Unable to connect to
'192.168.yyy.zzz'.
2022/06/19 12:48:35 ossec-agentd: INFO:
Trying to connect to server 192.168.yyy.zzz, port 1514.
2022/06/19
12:48:35 ossec-agentd(1216): ERROR: Unable to connect to
'192.168.yyy.zzz'.
2022/06/19 12:52:47 ossec-agentd: INFO:
Trying to connect to server 192.168.yyy.zzz, port 1514.
2022/06/19
12:52:47 ossec-agentd(1216): ERROR: Unable to connect to
'192.168.yyy.zzz'.
2022/06/19 12:57:09 ossec-agentd: INFO:
Trying to connect to server 192.168.yyy.zzz, port 1514.
2022/06/19
12:57:09 ossec-agentd(1216): ERROR: Unable to connect to
'192.168.yyy.zzz'.
2022/06/19 13:01:41 ossec-agentd: INFO:
Trying to connect to server 192.168.yyy.zzz, port 1514.
2022/06/19
13:01:41 ossec-agentd(1216): ERROR: Unable to connect to
'192.168.yyy.zzz'.
2022/06/19 13:06:23 ossec-agentd: INFO:
Trying to connect to server 192.168.yyy.zzz, port 1514.
2022/06/19
13:06:23 ossec-agentd(1216): ERROR: Unable to connect to
'192.168.yyy.zzz'.
2022/06/19 13:11:15 ossec-agentd: INFO:
Trying to connect to server 192.168.yyy.zzz, port 1514.
2022/06/19
13:11:15 ossec-agentd(1216): ERROR: Unable to connect to
'192.168.yyy.zzz'.
2022/06/19 13:16:17 ossec-agentd: INFO:
Trying to connect to server 192.168.yyy.zzz, port 1514.
2022/06/19
13:16:17 ossec-agentd(1216): ERROR: Unable to connect to
'192.168.yyy.zzz'.
2022/06/19 13:21:29 ossec-agentd: INFO:
Trying to connect to server 192.168.yyy.zzz, port 1514.
2022/06/19
13:21:29 ossec-agentd(1216): ERROR: Unable to connect to
'192.168.yyy.zzz'.
2022/06/19 13:26:51 ossec-agentd: INFO:
Trying to connect to server 192.168.yyy.zzz, port 1514.
2022/06/19
13:26:51 ossec-agentd(1216): ERROR: Unable to connect to
'192.168.yyy.zzz'.
2022/06/19 13:32:23 ossec-agentd: INFO:
Trying to connect to server 192.168.yyy.zzz, port 1514.
2022/06/19
13:32:23 ossec-agentd(1216): ERROR: Unable to connect to
'192.168.yyy.zzz'.
2022/06/19 13:38:05 ossec-agentd: INFO:
Trying to connect to server 192.168.yyy.zzz, port 1514.
2022/06/19
13:38:05 ossec-agentd(1216): ERROR: Unable to connect to
'192.168.yyy.zzz'.
2022/06/19 13:43:57 ossec-agentd: INFO:
Trying to connect to server 192.168.yyy.zzz, port 1514.
2022/06/19
13:43:57 ossec-agentd(1216): ERROR: Unable to connect to
'192.168.yyy.zzz'.
2022/06/19 13:49:59 ossec-agentd: INFO:
Trying to connect to server 192.168.yyy.zzz, port 1514.
2022/06/19
13:49:59 ossec-agentd(1216): ERROR: Unable to connect to
'192.168.yyy.zzz'.
2022/06/19 13:56:11 ossec-agentd: INFO:
Trying to connect to server 192.168.yyy.zzz, port 1514.
2022/06/19
13:56:11 ossec-agentd(1216): ERROR: Unable to connect to
'192.168.yyy.zzz'.
2022/06/19 14:02:33 ossec-agentd: INFO:
Trying to connect to server 192.168.yyy.zzz, port 1514.
2022/06/19
14:02:33 ossec-agentd(1216): ERROR: Unable to connect to
'192.168.yyy.zzz'.
2022/06/19 14:09:05 ossec-agentd: INFO:
Trying to connect to server 192.168.yyy.zzz, port 1514.
2022/06/19
14:09:05 ossec-agentd(1216): ERROR: Unable to connect to
'192.168.yyy.zzz'.
2022/06/19 14:15:47 ossec-agentd: INFO:
Trying to connect to server 192.168.yyy.zzz, port 1514.
2022/06/19
14:15:47 ossec-agentd(1216): ERROR: Unable to connect to
'192.168.yyy.zzz'.
2022/06/19 14:22:39 ossec-agentd: INFO:
Trying to connect to server 192.168.yyy.zzz, port 1514.
2022/06/19
14:22:39 ossec-agentd(1216): ERROR: Unable to connect to
'192.168.yyy.zzz'.
2022/06/19 14:29:41 ossec-agentd: INFO:
Trying to connect to server 192.168.yyy.zzz, port 1514.
2022/06/19
14:29:41 ossec-agentd(1216): ERROR: Unable to connect to
'192.168.yyy.zzz'.
2022/06/19 14:36:53 ossec-agentd: INFO:
Trying to connect to server 192.168.yyy.zzz, port 1514.
2022/06/19
14:36:53 ossec-agentd(1216): ERROR: Unable to connect to
'192.168.yyy.zzz'.
2022/06/19 14:44:15 ossec-agentd: INFO:
Trying to connect to server 192.168.yyy.zzz, port 1514.
2022/06/19
14:44:15 ossec-agentd(1216): ERROR: Unable to connect to
'192.168.yyy.zzz'.
2022/06/19 14:51:47 ossec-agentd: INFO:
Trying to connect to server 192.168.yyy.zzz, port 1514.
2022/06/19
14:51:47 INFO: Connected to 192.168.yyy.zzz at address
192.168.yyy.zzz:1514, port 1514
2022/06/19 14:52:08
ossec-agentd(4101): WARN: Waiting for server reply (not started).
Tried: '192.168.yyy.zzz'.
2022/06/19 15:25:46
ossec-agentd: INFO: Trying to connect to server 192.168.yyy.zzz, port
1514.
2022/06/19 15:25:46 INFO: Connected to
192.168.yyy.zzz at address 192.168.yyy.zzz:1514, port
1514
2022/06/19 15:26:08 ossec-agentd(4101): WARN: Waiting
for server reply (not started). Tried: '192.168.yyy.zzz'.
2022/06/19
16:00:04 ossec-agentd: INFO: Trying to connect to server
192.168.yyy.zzz, port 1514.
2022/06/19 16:00:04 INFO:
Connected to 192.168.yyy.zzz at address 192.168.yyy.zzz:1514, port
1514
2022/06/19 16:00:25 ossec-agentd(4101): WARN: Waiting
for server reply (not started). Tried: '192.168.yyy.zzz'.
2022/06/19
16:57:17 ossec-agentd: INFO: Trying to connect to server
192.168.yyy.zzz, port 1514.
2022/06/19 16:57:18 INFO:
Connected to 192.168.yyy.zzz at address 192.168.yyy.zzz:1514, port
1514
2022/06/19 16:57:39 ossec-agentd(4101): WARN: Waiting
for server reply (not started). Tried: '192.168.yyy.zzz'.
2022/06/19
17:32:11 ossec-agentd: INFO: Trying to connect to server
192.168.yyy.zzz, port 1514.
2022/06/19 17:32:11 INFO:
Connected to 192.168.yyy.zzz at address 192.168.yyy.zzz:1514, port
1514
2022/06/19 17:32:32 ossec-agentd(4101): WARN: Waiting
for server reply (not started). Tried: '192.168.yyy.zzz'.
2022/06/19
19:20:29 ossec-agentd: INFO: Trying to connect to server
192.168.yyy.zzz, port 1514.
2022/06/19 19:20:29 INFO:
Connected to 192.168.yyy.zzz at address 192.168.yyy.zzz:1514, port
1514
2022/06/19 19:20:50 ossec-agentd(4101): WARN: Waiting
for server reply (not started). Tried: '192.168.yyy.zzz'.
2022/06/19
19:58:29 ossec-agentd: INFO: Trying to connect to server
192.168.yyy.zzz, port 1514.
2022/06/19 19:58:29 INFO:
Connected to 192.168.yyy.zzz at address 192.168.yyy.zzz:1514, port
1514
2022/06/19 19:58:50 ossec-agentd(4101): WARN: Waiting
for server reply (not started). Tried: '192.168.yyy.zzz'.
2022/06/19
20:34:16 ossec-agentd: INFO: Trying to connect to server
192.168.yyy.zzz, port 1514.
2022/06/19 20:34:16 INFO:
Connected to 192.168.yyy.zzz at address 192.168.yyy.zzz:1514, port
1514
2022/06/19 20:34:37 ossec-agentd(4101): WARN: Waiting
for server reply (not started). Tried: '192.168.yyy.zzz'.
2022/06/19
21:10:21 ossec-agentd: INFO: Trying to connect to server
192.168.yyy.zzz, port 1514.
2022/06/19 21:10:21 INFO:
Connected to 192.168.yyy.zzz at address 192.168.yyy.zzz:1514, port
1514
2022/06/19 21:10:42 ossec-agentd(4101): WARN: Waiting
for server reply (not started). Tried: '192.168.yyy.zzz'.
2022/06/19
21:46:44 ossec-agentd: INFO: Trying to connect to server
192.168.yyy.zzz, port 1514.
2022/06/19 21:46:44 INFO:
Connected to 192.168.yyy.zzz at address 192.168.yyy.zzz:1514, port
1514
2022/06/19 21:47:05 ossec-agentd(4101): WARN: Waiting
for server reply (not started). Tried: '192.168.yyy.zzz'.
2022/06/19
22:23:25 ossec-agentd: INFO: Trying to connect to server
192.168.yyy.zzz, port 1514.
2022/06/19 22:23:25 INFO:
Connected to 192.168.yyy.zzz at address 192.168.yyy.zzz:1514, port
1514
2022/06/19 22:23:46 ossec-agentd(4101): WARN: Waiting
for server reply (not started). Tried: '192.168.yyy.zzz'.
2022/06/20
06:48:38 ossec-agentd: INFO: Trying to connect to server
192.168.yyy.zzz, port 1514.
2022/06/20 06:48:38 INFO:
Connected to 192.168.yyy.zzz at address 192.168.yyy.zzz:1514, port
1514
2022/06/20 06:48:59 ossec-agentd(4101): WARN: Waiting
for server reply (not started). Tried: '192.168.yyy.zzz'.
2022/06/20
07:37:56 ossec-agentd: INFO: Trying to connect to server
192.168.yyy.zzz, port 1514.
2022/06/20 07:37:56 INFO:
Connected to 192.168.yyy.zzz at address 192.168.yyy.zzz:1514, port
1514
2022/06/20 07:37:56 ossec-agentd(1218): ERROR: Unable
to send message to 'server'.
2022/06/20 07:38:03
ossec-agentd(1218): ERROR: Unable to send message to
'server'.
2022/06/20 07:38:08 ossec-agentd(1218): ERROR:
Unable to send message to 'server'.
2022/06/20 07:38:14
ossec-agentd(1218): ERROR: Unable to send message to
'server'.
2022/06/20 07:38:21 ossec-agentd(1218): ERROR:
Unable to send message to 'server'.
2022/06/20 07:38:22
ossec-agentd(4101): WARN: Waiting for server reply (not started).
Tried: '192.168.yyy.zzz'.
2022/06/20 08:15:36
ossec-agentd: INFO: Trying to connect to server 192.168.yyy.zzz, port
1514.
2022/06/20 08:15:36 INFO: Connected to
192.168.yyy.zzz at address 192.168.yyy.zzz:1514, port
1514
2022/06/20 08:15:57 ossec-agentd(4101): WARN: Waiting
for server reply (not started). Tried: '192.168.yyy.zzz'.
2022/06/20
08:53:29 ossec-agentd: INFO: Trying to connect to server
192.168.yyy.zzz, port 1514.
2022/06/20 08:53:29 INFO:
Connected to 192.168.yyy.zzz at address 192.168.yyy.zzz:1514, port
1514
2022/06/20 08:53:50 ossec-agentd(4101): WARN: Waiting
for server reply (not started). Tried: '192.168.yyy.zzz'.
2022/06/20
09:33:14 ossec-agentd: INFO: Trying to connect to server
192.168.yyy.zzz, port 1514.
2022/06/20 09:33:15 INFO:
Connected to 192.168.yyy.zzz at address 192.168.yyy.zzz:1514, port
1514
2022/06/20 09:33:36 ossec-agentd(4101): WARN: Waiting
for server reply (not started). Tried: '192.168.yyy.zzz'.
2022/06/20
10:18:06 ossec-agentd: INFO: Trying to connect to server
192.168.yyy.zzz, port 1514.
2022/06/20 10:18:06 INFO:
Connected to 192.168.yyy.zzz at address 192.168.yyy.zzz:1514, port
1514
2022/06/20 10:18:27 ossec-agentd(4101): WARN: Waiting
for server reply (not started). Tried: '192.168.yyy.zzz'.
2022/06/20
10:56:53 ossec-agentd: INFO: Trying to connect to server
192.168.yyy.zzz, port 1514.
2022/06/20 10:56:53 INFO:
Connected to 192.168.yyy.zzz at address 192.168.yyy.zzz:1514, port
1514
2022/06/20 10:57:14 ossec-agentd(4101): WARN: Waiting
for server reply (not started). Tried: '192.168.yyy.zzz'.
2022/06/20
11:35:58 ossec-agentd: INFO: Trying to connect to server
192.168.yyy.zzz, port 1514.
2022/06/20 11:35:58 INFO:
Connected to 192.168.yyy.zzz at address 192.168.yyy.zzz:1514, port
1514
2022/06/20 11:36:19 ossec-agentd(4101): WARN: Waiting
for server reply (not started). Tried: '192.168.yyy.zzz'.
2022/06/20
14:34:07 ossec-agentd: INFO: Trying to connect to server
192.168.yyy.zzz, port 1514.
2022/06/20 14:34:07 INFO:
Connected to 192.168.yyy.zzz at address 192.168.yyy.zzz:1514, port
1514
2022/06/20 14:34:28 ossec-agentd(4101): WARN: Waiting
for server reply (not started). Tried: '192.168.yyy.zzz'.
2022/06/20
15:13:48 ossec-agentd: INFO: Trying to connect to server
192.168.yyy.zzz, port 1514.
2022/06/20 15:13:48 INFO:
Connected to 192.168.yyy.zzz at address 192.168.yyy.zzz:1514, port
1514
2022/06/20 15:14:09 ossec-agentd(4101): WARN: Waiting
for server reply (not started). Tried: '192.168.yyy.zzz'.
2022/06/20
15:53:47 ossec-agentd: INFO: Trying to connect to server
192.168.yyy.zzz, port 1514.
2022/06/20 15:53:47 INFO:
Connected to 192.168.yyy.zzz at address 192.168.yyy.zzz:1514, port
1514
2022/06/20 15:54:09 ossec-agentd(4101): WARN: Waiting
for server reply (not started). Tried: '192.168.yyy.zzz'.
2022/06/20
16:34:05 ossec-agentd: INFO: Trying to connect to server
192.168.yyy.zzz, port 1514.
2022/06/20 16:34:05 INFO:
Connected to 192.168.yyy.zzz at address 192.168.yyy.zzz:1514, port
1514
2022/06/20 16:34:26 ossec-agentd(4101): WARN: Waiting
for server reply (not started). Tried: '192.168.yyy.zzz'.
2022/06/20
17:14:40 ossec-agentd: INFO: Trying to connect to server
192.168.yyy.zzz, port 1514.
2022/06/20 17:14:40 INFO:
Connected to 192.168.yyy.zzz at address 192.168.yyy.zzz:1514, port
1514
2022/06/20 17:15:01 ossec-agentd(4101): WARN: Waiting
for server reply (not started). Tried: '192.168.yyy.zzz'.
2022/06/20
19:03:43 ossec-agentd: INFO: Trying to connect to server
192.168.yyy.zzz, port 1514.
2022/06/20 19:03:43 INFO:
Connected to 192.168.yyy.zzz at address 192.168.yyy.zzz:1514, port
1514
2022/06/20 19:04:04 ossec-agentd(4101): WARN: Waiting
for server reply (not started). Tried: '192.168.yyy.zzz'.
2022/06/20
20:31:50 ossec-agentd: INFO: Trying to connect to server
192.168.yyy.zzz, port 1514.
2022/06/20 20:31:50 INFO:
Connected to 192.168.yyy.zzz at address 192.168.yyy.zzz:1514, port
1514
2022/06/20 20:32:11 ossec-agentd(4101): WARN: Waiting
for server reply (not started). Tried: '192.168.yyy.zzz'.
2022/06/20
21:13:19 ossec-agentd: INFO: Trying to connect to server
192.168.yyy.zzz, port 1514.
2022/06/20 21:13:19 INFO:
Connected to 192.168.yyy.zzz at address 192.168.yyy.zzz:1514, port
1514
2022/06/20 21:13:40 ossec-agentd(4101): WARN: Waiting
for server reply (not started). Tried: '192.168.yyy.zzz'.
2022/06/20
21:55:06 ossec-agentd: INFO: Trying to connect to server
192.168.yyy.zzz, port 1514.
2022/06/20 21:55:06 INFO:
Connected to 192.168.yyy.zzz at address 192.168.yyy.zzz:1514, port
1514
2022/06/20 21:55:27 ossec-agentd(4101): WARN: Waiting
for server reply (not started). Tried: '192.168.yyy.zzz'.
2022/06/21
07:05:37 ossec-agentd: INFO: Trying to connect to server
192.168.yyy.zzz, port 1514.
2022/06/21 07:05:37 INFO:
Connected to 192.168.yyy.zzz at address 192.168.yyy.zzz:1514, port
1514
2022/06/21 07:05:47 ossec-agentd(1218): ERROR: Unable
to send message to 'server'.
2022/06/21 07:05:53
ossec-agentd(1218): ERROR: Unable to send message to
'server'.
2022/06/21 07:06:00 ossec-agentd(1218): ERROR:
Unable to send message to 'server'.
2022/06/21 07:06:01
ossec-agentd(4101): WARN: Waiting for server reply (not started).
Tried: '192.168.yyy.zzz'.
2022/06/21 09:20:39
ossec-agentd: INFO: Trying to connect to server 192.168.yyy.zzz, port
1514.
2022/06/21 09:20:39 INFO: Connected to
192.168.yyy.zzz at address 192.168.yyy.zzz:1514, port
1514
2022/06/21 09:21:00 ossec-agentd(4101): WARN: Waiting
for server reply (not started). Tried: '192.168.yyy.zzz'.
2022/06/21
13:04:27 ossec-agentd: INFO: Trying to connect to server
192.168.yyy.zzz, port 1514.
2022/06/21 13:04:27 INFO:
Connected to 192.168.yyy.zzz at address 192.168.yyy.zzz:1514, port
1514
2022/06/21 13:04:48 ossec-agentd(4101): WARN: Waiting
for server reply (not started). Tried: '192.168.yyy.zzz'.
2022/06/21
13:47:26 ossec-agentd: INFO: Trying to connect to server
192.168.yyy.zzz, port 1514.
2022/06/21 13:47:26 INFO:
Connected to 192.168.yyy.zzz at address 192.168.yyy.zzz:1514, port
1514
2022/06/21 13:47:47 ossec-agentd(4101): WARN: Waiting
for server reply (not started). Tried: '192.168.yyy.zzz'.
2022/06/21
14:30:44 ossec-agentd: INFO: Trying to connect to server
192.168.yyy.zzz, port 1514.
2022/06/21 14:30:44 INFO:
Connected to 192.168.yyy.zzz at address 192.168.yyy.zzz:1514, port
1514
2022/06/21 14:31:05 ossec-agentd(4101): WARN: Waiting
for server reply (not started). Tried: '192.168.yyy.zzz'.
2022/06/21
15:43:36 ossec-agentd: INFO: Trying to connect to server
192.168.yyy.zzz, port 1514.
2022/06/21 15:43:36 INFO:
Connected to 192.168.yyy.zzz at address 192.168.yyy.zzz:1514, port
1514
2022/06/21 15:43:57 ossec-agentd(4101): WARN: Waiting
for server reply (not started). Tried: '192.168.yyy.zzz'.
2022/06/21
16:27:29 ossec-agentd: INFO: Trying to connect to server
192.168.yyy.zzz, port 1514.
2022/06/21 16:27:29 INFO:
Connected to 192.168.yyy.zzz at address 192.168.yyy.zzz:1514, port
1514
2022/06/21 16:27:50 ossec-agentd(4101): WARN: Waiting
for server reply (not started). Tried: '192.168.yyy.zzz'.
2022/06/21
17:11:40 ossec-agentd: INFO: Trying to connect to server
192.168.yyy.zzz, port 1514.
2022/06/21 17:11:40 INFO:
Connected to 192.168.yyy.zzz at address 192.168.yyy.zzz:1514, port
1514
2022/06/21 17:12:01 ossec-agentd(4101): WARN: Waiting
for server reply (not started). Tried: '192.168.yyy.zzz'.
2022/06/21
18:00:18 ossec-agentd: INFO: Trying to connect to server
192.168.yyy.zzz, port 1514.
2022/06/21 18:00:18 INFO:
Connected to 192.168.yyy.zzz at address 192.168.yyy.zzz:1514, port
1514
2022/06/21 18:00:18 ossec-agentd(1218): ERROR: Unable
to send message to 'server'.
2022/06/21 18:00:25
ossec-agentd(1218): ERROR: Unable to send message to
'server'.
2022/06/21 18:00:30 ossec-agentd(1218): ERROR:
Unable to send message to 'server'.
2022/06/21 18:00:36
ossec-agentd(1218): ERROR: Unable to send message to
'server'.
2022/06/21 18:00:43 ossec-agentd(1218): ERROR:
Unable to send message to 'server'.
2022/06/21 18:00:44
ossec-agentd(4101): WARN: Waiting for server reply (not started).
Tried: '192.168.yyy.zzz'.
2022/06/21 20:05:23
ossec-agentd: INFO: Trying to connect to server 192.168.yyy.zzz, port
1514.
2022/06/21 20:05:23 INFO: Connected to
192.168.yyy.zzz at address 192.168.yyy.zzz:1514, port
1514
2022/06/21 20:05:44 ossec-agentd(4101): WARN: Waiting
for server reply (not started). Tried: '192.168.yyy.zzz'.
2022/06/21
20:59:47 ossec-agentd: INFO: Trying to connect to server
192.168.yyy.zzz, port 1514.
2022/06/21 20:59:47 INFO:
Connected to 192.168.yyy.zzz at address 192.168.yyy.zzz:1514, port
1514
2022/06/21 21:00:08 ossec-agentd(4101): WARN: Waiting
for server reply (not started). Tried: '192.168.yyy.zzz'.
2022/06/21
22:49:43 ossec-agentd: INFO: Trying to connect to server
192.168.yyy.zzz, port 1514.
2022/06/21 22:49:43 INFO:
Connected to 192.168.yyy.zzz at address 192.168.yyy.zzz:1514, port
1514
2022/06/21 22:50:04 ossec-agentd(4101): WARN: Waiting
for server reply (not started). Tried: '192.168.yyy.zzz'.
2022/06/22
07:14:43 ossec-agentd: INFO: Trying to connect to server
192.168.yyy.zzz, port 1514.
2022/06/22 07:14:43 INFO:
Connected to 192.168.yyy.zzz at address 192.168.yyy.zzz:1514, port
1514
2022/06/22 07:15:04 ossec-agentd(4101): WARN: Waiting
for server reply (not started). Tried: '192.168.yyy.zzz'.
2022/06/22
08:00:42 ossec-agentd: INFO: Trying to connect to server
192.168.yyy.zzz, port 1514.
2022/06/22 08:00:42 INFO:
Connected to 192.168.yyy.zzz at address 192.168.yyy.zzz:1514, port
1514
2022/06/22 08:01:04 ossec-agentd(4101): WARN: Waiting
for server reply (not started). Tried: '192.168.yyy.zzz'.
2022/06/22
08:47:00 ossec-agentd: INFO: Trying to connect to server
192.168.yyy.zzz, port 1514.
2022/06/22 08:47:00 INFO:
Connected to 192.168.yyy.zzz at address 192.168.yyy.zzz:1514, port
1514
2022/06/22 08:47:21 ossec-agentd(4101): WARN: Waiting
for server reply (not started). Tried: '192.168.yyy.zzz'.
2022/06/22
09:38:58 ossec-agentd: INFO: Trying to connect to server
192.168.yyy.zzz, port 1514.
2022/06/22 09:38:58 INFO:
Connected to 192.168.yyy.zzz at address 192.168.yyy.zzz:1514, port
1514
2022/06/22 09:39:19 ossec-agentd(4101): WARN: Waiting
for server reply (not started). Tried: '192.168.yyy.zzz'.
2022/06/22
11:06:33 ossec-agentd: INFO: Trying to connect to server
192.168.yyy.zzz, port 1514.
2022/06/22 11:06:33 INFO:
Connected to 192.168.yyy.zzz at address 192.168.yyy.zzz:1514, port
1514
2022/06/22 11:06:54 ossec-agentd(4101): WARN: Waiting
for server reply (not started). Tried: '192.168.yyy.zzz'.
2022/06/22
12:13:30 ossec-agentd: INFO: Trying to connect to server
192.168.yyy.zzz, port 1514.
2022/06/22 12:13:30 INFO:
Connected to 192.168.yyy.zzz at address 192.168.yyy.zzz:1514, port
1514
2022/06/22 12:13:51 ossec-agentd(4101): WARN: Waiting
for server reply (not started). Tried: '192.168.yyy.zzz'.
2022/06/22
14:57:50 ossec-agentd: INFO: Trying to connect to server
192.168.yyy.zzz, port 1514.
2022/06/22 14:57:50 INFO:
Connected to 192.168.yyy.zzz at address 192.168.yyy.zzz:1514, port
1514
2022/06/22 14:58:11 ossec-agentd(4101): WARN: Waiting
for server reply (not started). Tried: '192.168.yyy.zzz'.
2022/06/22
15:45:37 ossec-agentd: INFO: Trying to connect to server
192.168.yyy.zzz, port 1514.
2022/06/22 15:45:37 INFO:
Connected to 192.168.yyy.zzz at address 192.168.yyy.zzz:1514, port
1514
2022/06/22 15:45:58 ossec-agentd(4101): WARN: Waiting
for server reply (not started). Tried: '192.168.yyy.zzz'.
2022/06/22
16:33:42 ossec-agentd: INFO: Trying to connect to server
192.168.yyy.zzz, port 1514.
2022/06/22 16:33:42 INFO:
Connected to 192.168.yyy.zzz at address 192.168.yyy.zzz:1514, port
1514
2022/06/22 16:34:03 ossec-agentd(4101): WARN: Waiting
for server reply (not started). Tried: '192.168.yyy.zzz'.
2022/06/22
18:13:49 ossec-agentd: INFO: Trying to connect to server
192.168.yyy.zzz, port 1514.
2022/06/22 18:13:49 INFO:
Connected to 192.168.yyy.zzz at address 192.168.yyy.zzz:1514, port
1514
2022/06/22 18:14:10 ossec-agentd(4101): WARN: Waiting
for server reply (not started). Tried: '192.168.yyy.zzz'.
2022/06/22
19:02:30 ossec-agentd: INFO: Trying to connect to server
192.168.yyy.zzz, port 1514.
2022/06/22 19:02:30 INFO:
Connected to 192.168.yyy.zzz at address 192.168.yyy.zzz:1514, port
1514
2022/06/22 19:02:51 ossec-agentd(4101): WARN: Waiting
for server reply (not started). Tried: '192.168.yyy.zzz'.
2022/06/22
19:51:29 ossec-agentd: INFO: Trying to connect to server
192.168.yyy.zzz, port 1514.
2022/06/22 19:51:29 INFO:
Connected to 192.168.yyy.zzz at address 192.168.yyy.zzz:1514, port
1514
2022/06/22 19:51:50 ossec-agentd(4101): WARN: Waiting
for server reply (not started). Tried: '192.168.yyy.zzz'.
2022/06/22
20:40:46 ossec-agentd: INFO: Trying to connect to server
192.168.yyy.zzz, port 1514.
2022/06/22 20:40:46 INFO:
Connected to 192.168.yyy.zzz at address 192.168.yyy.zzz:1514, port
1514
2022/06/22 20:41:07 ossec-agentd(4101): WARN: Waiting
for server reply (not started). Tried: '192.168.yyy.zzz'.
2022/06/22
21:30:21 ossec-agentd: INFO: Trying to connect to server
192.168.yyy.zzz, port 1514.
2022/06/22 21:30:21 INFO:
Connected to 192.168.yyy.zzz at address 192.168.yyy.zzz:1514, port
1514
2022/06/22 21:30:43 ossec-agentd(4101): WARN: Waiting
for server reply (not started). Tried: '192.168.yyy.zzz'.
2022/06/23
07:24:21 ossec-agentd: INFO: Trying to connect to server
192.168.yyy.zzz, port 1514.
2022/06/23 07:24:21 INFO:
Connected to 192.168.yyy.zzz at address 192.168.yyy.zzz:1514, port
1514
2022/06/23 07:24:42 ossec-agentd(4101): WARN: Waiting
for server reply (not started). Tried: '192.168.yyy.zzz'.
2022/06/23
09:49:16 ossec-agentd: INFO: Trying to connect to server
192.168.yyy.zzz, port 1514.
2022/06/23 09:49:16 INFO:
Connected to 192.168.yyy.zzz at address 192.168.yyy.zzz:1514, port
1514
2022/06/23 09:49:37 ossec-agentd(4101): WARN: Waiting
for server reply (not started). Tried: '192.168.yyy.zzz'.
2022/06/23
11:19:06 ossec-agentd: INFO: Trying to connect to server
192.168.yyy.zzz, port 1514.
2022/06/23 11:19:06 INFO:
Connected to 192.168.yyy.zzz at address 192.168.yyy.zzz:1514, port
1514
2022/06/23 11:19:27 ossec-agentd(4101): WARN: Waiting
for server reply (not started). Tried: '192.168.yyy.zzz'.
2022/06/23
12:09:53 ossec-agentd: INFO: Trying to connect to server
192.168.yyy.zzz, port 1514.
2022/06/23 12:09:53 INFO:
Connected to 192.168.yyy.zzz at address 192.168.yyy.zzz:1514, port
1514
2022/06/23 12:10:14 ossec-agentd(4101): WARN: Waiting
for server reply (not started). Tried: '192.168.yyy.zzz'.
2022/06/23
13:41:54 ossec-agentd: INFO: Trying to connect to server
192.168.yyy.zzz, port 1514.
2022/06/23 13:41:54 INFO:
Connected to 192.168.yyy.zzz at address 192.168.yyy.zzz:1514, port
1514
2022/06/23 13:42:15 ossec-agentd(4101): WARN: Waiting
for server reply (not started). Tried: '192.168.yyy.zzz'.
2022/06/23
14:33:17 ossec-agentd: INFO: Trying to connect to server
192.168.yyy.zzz, port 1514.
2022/06/23 14:33:17 INFO:
Connected to 192.168.yyy.zzz at address 192.168.yyy.zzz:1514, port
1514
2022/06/23 14:33:38 ossec-agentd(4101): WARN: Waiting
for server reply (not started). Tried: '192.168.yyy.zzz'.
2022/06/23
15:24:58 ossec-agentd: INFO: Trying to connect to server
192.168.yyy.zzz, port 1514.
2022/06/23 15:24:58 INFO:
Connected to 192.168.yyy.zzz at address 192.168.yyy.zzz:1514, port
1514
2022/06/23 15:25:19 ossec-agentd(4101): WARN: Waiting
for server reply (not started). Tried: '192.168.yyy.zzz'.
2022/06/23
16:16:57 ossec-agentd: INFO: Trying to connect to server
192.168.yyy.zzz, port 1514.
2022/06/23 16:16:57 INFO:
Connected to 192.168.yyy.zzz at address 192.168.yyy.zzz:1514, port
1514
2022/06/23 16:17:18 ossec-agentd(4101): WARN: Waiting
for server reply (not started). Tried: '192.168.yyy.zzz'.
2022/06/23
17:09:14 ossec-agentd: INFO: Trying to connect to server
192.168.yyy.zzz, port 1514.
2022/06/23 17:09:14 INFO:
Connected to 192.168.yyy.zzz at address 192.168.yyy.zzz:1514, port
1514
2022/06/23 17:09:35 ossec-agentd(4101): WARN: Waiting
for server reply (not started). Tried: '192.168.yyy.zzz'.
2022/06/23
18:35:04 ossec-agentd: INFO: Trying to connect to server
192.168.yyy.zzz, port 1514.
2022/06/23 18:35:04 INFO:
Connected to 192.168.yyy.zzz at address 192.168.yyy.zzz:1514, port
1514
2022/06/23 18:35:25 ossec-agentd(4101): WARN: Waiting
for server reply (not started). Tried: '192.168.yyy.zzz'.
2022/06/23
19:41:06 ossec-agentd: INFO: Trying to connect to server
192.168.yyy.zzz, port 1514.
2022/06/23 19:41:06 INFO:
Connected to 192.168.yyy.zzz at address 192.168.yyy.zzz:1514, port
1514
2022/06/23 19:58:01 ossec-agentd(4101): WARN: Waiting
for server reply (not started). Tried: '192.168.yyy.zzz'.
2022/06/23
20:50:51 ossec-agentd: INFO: Trying to connect to server
192.168.yyy.zzz, port 1514.
2022/06/23 20:50:51 INFO:
Connected to 192.168.yyy.zzz at address 192.168.yyy.zzz:1514, port
1514
2022/06/23 20:51:12 ossec-agentd(4101): WARN: Waiting
for server reply (not started). Tried: '192.168.yyy.zzz'.
2022/06/23
21:44:20 ossec-agentd: INFO: Trying to connect to server
192.168.yyy.zzz, port 1514.
2022/06/23 21:44:20 INFO:
Connected to 192.168.yyy.zzz at address 192.168.yyy.zzz:1514, port
1514
2022/06/23 21:44:41 ossec-agentd(4101): WARN: Waiting
for server reply (not started). Tried: '192.168.yyy.zzz'.
2022/06/24
06:46:49 ossec-agentd: INFO: Trying to connect to server
192.168.yyy.zzz, port 1514.
2022/06/24 06:46:49 INFO:
Connected to 192.168.yyy.zzz at address 192.168.yyy.zzz:1514, port
1514
2022/06/24 06:47:10 ossec-agentd(4101): WARN: Waiting
for server reply (not started). Tried: '192.168.yyy.zzz'.
2022/06/24
08:41:21 ossec-agentd: INFO: Trying to connect to server
192.168.yyy.zzz, port 1514.
2022/06/24 08:41:21 INFO:
Connected to 192.168.yyy.zzz at address 192.168.yyy.zzz:1514, port
1514
2022/06/24 08:41:42 ossec-agentd(4101): WARN: Waiting
for server reply (not started). Tried: '192.168.yyy.zzz'.
2022/06/24
09:43:15 ossec-agentd: INFO: Trying to connect to server
192.168.yyy.zzz, port 1514.
2022/06/24 09:43:15 INFO:
Connected to 192.168.yyy.zzz at address 192.168.yyy.zzz:1514, port
1514
2022/06/24 09:43:36 ossec-agentd(4101): WARN: Waiting
for server reply (not started). Tried: '192.168.yyy.zzz'.
2022/06/24
10:43:55 ossec-agentd: INFO: Trying to connect to server
192.168.yyy.zzz, port 1514.
2022/06/24 10:43:55 INFO:
Connected to 192.168.yyy.zzz at address 192.168.yyy.zzz:1514, port
1514
2022/06/24 10:44:16 ossec-agentd(4101): WARN: Waiting
for server reply (not started). Tried: '192.168.yyy.zzz'.
2022/06/24
11:49:04 ossec-agentd: INFO: Trying to connect to server
192.168.yyy.zzz, port 1514.
2022/06/24 11:49:04 INFO:
Connected to 192.168.yyy.zzz at address 192.168.yyy.zzz:1514, port
1514
2022/06/24 11:49:25 ossec-agentd(4101): WARN: Waiting
for server reply (not started). Tried: '192.168.yyy.zzz'.
2022/06/24
13:36:26 ossec-agentd: INFO: Trying to connect to server
192.168.yyy.zzz, port 1514.
2022/06/24 13:36:26 INFO:
Connected to 192.168.yyy.zzz at address 192.168.yyy.zzz:1514, port
1514
2022/06/24 13:36:47 ossec-agentd(4101): WARN: Waiting
for server reply (not started). Tried: '192.168.yyy.zzz'.
2022/06/24
14:38:16 ossec-agentd: INFO: Trying to connect to server
192.168.yyy.zzz, port 1514.
2022/06/24 14:38:16 INFO:
Connected to 192.168.yyy.zzz at address 192.168.yyy.zzz:1514, port
1514
2022/06/24 14:38:16 ossec-agentd(1218): ERROR: Unable
to send message to 'server'.
2022/06/24 14:38:23
ossec-agentd(1218): ERROR: Unable to send message to
'server'.
2022/06/24 14:38:28 ossec-agentd(1218): ERROR:
Unable to send message to 'server'.
2022/06/24 14:38:34
ossec-agentd(1218): ERROR: Unable to send message to
'server'.
2022/06/24 14:38:41 ossec-agentd(1218): ERROR:
Unable to send message to 'server'.
2022/06/24 14:38:42
ossec-agentd(4101): WARN: Waiting for server reply (not started).
Tried: '192.168.yyy.zzz'.
2022/06/24 15:34:14
ossec-agentd: INFO: Trying to connect to server 192.168.yyy.zzz, port
1514.
2022/06/24 15:34:14 ossec-agentd(1216): ERROR:
Unable to connect to '192.168.yyy.zzz'.
2022/06/24
15:34:26 ossec-agentd: INFO: Trying to connect to server
192.168.yyy.zzz, port 1514.
2022/06/24 15:34:26
ossec-agentd(1216): ERROR: Unable to connect to
'192.168.yyy.zzz'.
2022/06/24 15:34:48 ossec-agentd: INFO:
Trying to connect to server 192.168.yyy.zzz, port 1514.
2022/06/24
15:34:48 ossec-agentd(1216): ERROR: Unable to connect to
'192.168.yyy.zzz'.
2022/06/24 15:35:20 ossec-agentd: INFO:
Trying to connect to server 192.168.yyy.zzz, port 1514.
2022/06/24
15:35:20 ossec-agentd(1216): ERROR: Unable to connect to
'192.168.yyy.zzz'.
2022/06/24 15:36:02 ossec-agentd: INFO:
Trying to connect to server 192.168.yyy.zzz, port 1514.
2022/06/24
15:36:02 ossec-agentd(1216): ERROR: Unable to connect to
'192.168.yyy.zzz'.
2022/06/24 15:36:54 ossec-agentd: INFO:
Trying to connect to server 192.168.yyy.zzz, port 1514.
2022/06/24
15:36:54 ossec-agentd(1216): ERROR: Unable to connect to
'192.168.yyy.zzz'.
2022/06/24 15:37:56 ossec-agentd: INFO:
Trying to connect to server 192.168.yyy.zzz, port 1514.
2022/06/24
15:37:56 ossec-agentd(1216): ERROR: Unable to connect to
'192.168.yyy.zzz'.
2022/06/24 15:39:08 ossec-agentd: INFO:
Trying to connect to server 192.168.yyy.zzz, port 1514.
2022/06/24
15:39:08 ossec-agentd(1216): ERROR: Unable to connect to
'192.168.yyy.zzz'.
2022/06/24 15:40:30 ossec-agentd: INFO:
Trying to connect to server 192.168.yyy.zzz, port 1514.
2022/06/24
15:40:30 ossec-agentd(1216): ERROR: Unable to connect to
'192.168.yyy.zzz'.
2022/06/24 15:42:02 ossec-agentd: INFO:
Trying to connect to server 192.168.yyy.zzz, port 1514.
2022/06/24
15:42:02 ossec-agentd(1216): ERROR: Unable to connect to
'192.168.yyy.zzz'.
2022/06/24 15:43:44 ossec-agentd: INFO:
Trying to connect to server 192.168.yyy.zzz, port 1514.
2022/06/24
15:43:44 ossec-agentd(1216): ERROR: Unable to connect to
'192.168.yyy.zzz'.
2022/06/24 15:45:36 ossec-agentd: INFO:
Trying to connect to server 192.168.yyy.zzz, port 1514.
2022/06/24
15:45:36 ossec-agentd(1216): ERROR: Unable to connect to
'192.168.yyy.zzz'.
2022/06/24 15:47:38 ossec-agentd: INFO:
Trying to connect to server 192.168.yyy.zzz, port 1514.
2022/06/24
15:47:38 ossec-agentd(1216): ERROR: Unable to connect to
'192.168.yyy.zzz'.
2022/06/24 15:49:50 ossec-agentd: INFO:
Trying to connect to server 192.168.yyy.zzz, port 1514.
2022/06/24
15:49:50 ossec-agentd(1216): ERROR: Unable to connect to
'192.168.yyy.zzz'.
2022/06/24 15:52:12 ossec-agentd: INFO:
Trying to connect to server 192.168.yyy.zzz, port 1514.
2022/06/24
15:52:12 ossec-agentd(1216): ERROR: Unable to connect to
'192.168.yyy.zzz'.
2022/06/24 15:54:44 ossec-agentd: INFO:
Trying to connect to server 192.168.yyy.zzz, port 1514.
2022/06/24
15:54:44 ossec-agentd(1216): ERROR: Unable to connect to
'192.168.yyy.zzz'.
2022/06/24 15:57:26 ossec-agentd: INFO:
Trying to connect to server 192.168.yyy.zzz, port 1514.
2022/06/24
15:57:26 ossec-agentd(1216): ERROR: Unable to connect to
'192.168.yyy.zzz'.
2022/06/24 16:00:18 ossec-agentd: INFO:
Trying to connect to server 192.168.yyy.zzz, port 1514.
2022/06/24
16:00:18 ossec-agentd(1216): ERROR: Unable to connect to
'192.168.yyy.zzz'.
2022/06/24 16:03:20 ossec-agentd: INFO:
Trying to connect to server 192.168.yyy.zzz, port 1514.
2022/06/24
16:03:20 ossec-agentd(1216): ERROR: Unable to connect to
'192.168.yyy.zzz'.
2022/06/24 16:06:32 ossec-agentd: INFO:
Trying to connect to server 192.168.yyy.zzz, port 1514.
2022/06/24
16:06:32 ossec-agentd(1216): ERROR: Unable to connect to
'192.168.yyy.zzz'.
2022/06/24 16:09:54 ossec-agentd: INFO:
Trying to connect to server 192.168.yyy.zzz, port 1514.
2022/06/24
16:09:54 ossec-agentd(1216): ERROR: Unable to connect to
'192.168.yyy.zzz'.
2022/06/24 16:13:26 ossec-agentd: INFO:
Trying to connect to server 192.168.yyy.zzz, port 1514.
2022/06/24
16:13:26 ossec-agentd(1216): ERROR: Unable to connect to
'192.168.yyy.zzz'.
2022/06/24 16:17:08 ossec-agentd: INFO:
Trying to connect to server 192.168.yyy.zzz, port 1514.
2022/06/24
16:17:08 ossec-agentd(1216): ERROR: Unable to connect to
'192.168.yyy.zzz'.
2022/06/24 16:21:00 ossec-agentd: INFO:
Trying to connect to server 192.168.yyy.zzz, port 1514.
2022/06/24
16:21:00 ossec-agentd(1216): ERROR: Unable to connect to
'192.168.yyy.zzz'.
2022/06/24 16:25:02 ossec-agentd: INFO:
Trying to connect to server 192.168.yyy.zzz, port 1514.
2022/06/24
16:25:02 ossec-agentd(1216): ERROR: Unable to connect to
'192.168.yyy.zzz'.
2022/06/24 16:29:14 ossec-agentd: INFO:
Trying to connect to server 192.168.yyy.zzz, port 1514.
2022/06/24
16:29:14 ossec-agentd(1216): ERROR: Unable to connect to
'192.168.yyy.zzz'.
2022/06/24 16:33:36 ossec-agentd: INFO:
Trying to connect to server 192.168.yyy.zzz, port 1514.
2022/06/24
16:33:36 ossec-agentd(1216): ERROR: Unable to connect to
'192.168.yyy.zzz'.
2022/06/24 16:38:08 ossec-agentd: INFO:
Trying to connect to server 192.168.yyy.zzz, port 1514.
2022/06/24
16:38:08 ossec-agentd(1216): ERROR: Unable to connect to
'192.168.yyy.zzz'.
2022/06/24 16:42:50 ossec-agentd: INFO:
Trying to connect to server 192.168.yyy.zzz, port 1514.
2022/06/24
16:42:50 ossec-agentd(1216): ERROR: Unable to connect to
'192.168.yyy.zzz'.
2022/06/24 16:47:42 ossec-agentd: INFO:
Trying to connect to server 192.168.yyy.zzz, port 1514.
2022/06/24
16:47:42 ossec-agentd(1216): ERROR: Unable to connect to
'192.168.yyy.zzz'.
2022/06/24 16:52:44 ossec-agentd: INFO:
Trying to connect to server 192.168.yyy.zzz, port 1514.
2022/06/24
16:52:44 ossec-agentd(1216): ERROR: Unable to connect to
'192.168.yyy.zzz'.
2022/06/24 16:57:56 ossec-agentd: INFO:
Trying to connect to server 192.168.yyy.zzz, port 1514.
2022/06/24
16:57:56 ossec-agentd(1216): ERROR: Unable to connect to
'192.168.yyy.zzz'.
2022/06/24 17:03:18 ossec-agentd: INFO:
Trying to connect to server 192.168.yyy.zzz, port 1514.
2022/06/24
17:03:18 ossec-agentd(1216): ERROR: Unable to connect to
'192.168.yyy.zzz'.
2022/06/24 17:08:50 ossec-agentd: INFO:
Trying to connect to server 192.168.yyy.zzz, port 1514.
2022/06/24
17:08:50 INFO: Connected to 192.168.yyy.zzz at address
192.168.yyy.zzz:1514, port 1514
2022/06/24 17:09:11
ossec-agentd(4101): WARN: Waiting for server reply (not started).
Tried: '192.168.yyy.zzz'.
2022/06/24 18:11:47
ossec-agentd: INFO: Trying to connect to server 192.168.yyy.zzz, port
1514.
2022/06/24 18:11:47 INFO: Connected to
192.168.yyy.zzz at address 192.168.yyy.zzz:1514, port
1514
2022/06/24 18:12:08 ossec-agentd(4101): WARN: Waiting
for server reply (not started). Tried: '192.168.yyy.zzz'.
2022/06/24
19:59:29 ossec-agentd: INFO: Trying to connect to server
192.168.yyy.zzz, port 1514.
2022/06/24 19:59:29 INFO:
Connected to 192.168.yyy.zzz at address 192.168.yyy.zzz:1514, port
1514
2022/06/24 19:59:50 ossec-agentd(4101): WARN: Waiting
for server reply (not started). Tried: '192.168.yyy.zzz'.
2022/06/24
21:30:46 ossec-agentd: INFO: Trying to connect to server
192.168.yyy.zzz, port 1514.
2022/06/24 21:30:46 INFO:
Connected to 192.168.yyy.zzz at address 192.168.yyy.zzz:1514, port
1514
2022/06/24 21:31:07 ossec-agentd(4101): WARN: Waiting
for server reply (not started). Tried: '192.168.yyy.zzz'.
2022/06/24
22:27:51 ossec-agentd: INFO: Trying to connect to server
192.168.yyy.zzz, port 1514.
2022/06/24 22:27:51 INFO:
Connected to 192.168.yyy.zzz at address 192.168.yyy.zzz:1514, port
1514
2022/06/24 22:28:12 ossec-agentd(4101): WARN: Waiting
for server reply (not started). Tried: '192.168.yyy.zzz'.
2022/06/25
08:58:25 ossec-agentd: INFO: Trying to connect to server
192.168.yyy.zzz, port 1514.
2022/06/25 08:58:25 INFO:
Connected to 192.168.yyy.zzz at address 192.168.yyy.zzz:1514, port
1514
2022/06/25 08:58:46 ossec-agentd(4101): WARN: Waiting
for server reply (not started). Tried: '192.168.yyy.zzz'.
2022/06/25
09:56:06 ossec-agentd: INFO: Trying to connect to server
192.168.yyy.zzz, port 1514.
2022/06/25 09:56:06 INFO:
Connected to 192.168.yyy.zzz at address 192.168.yyy.zzz:1514, port
1514
2022/06/25 09:56:27 ossec-agentd(4101): WARN: Waiting
for server reply (not started). Tried: '192.168.yyy.zzz'.
2022/06/25
10:54:05 ossec-agentd: INFO: Trying to connect to server
192.168.yyy.zzz, port 1514.
2022/06/25 10:54:05 INFO:
Connected to 192.168.yyy.zzz at address 192.168.yyy.zzz:1514, port
1514
2022/06/25 10:54:26 ossec-agentd(4101): WARN: Waiting
for server reply (not started). Tried: '192.168.yyy.zzz'.
2022/06/25
11:52:22 ossec-agentd: INFO: Trying to connect to server
192.168.yyy.zzz, port 1514.
2022/06/25 11:52:22 INFO:
Connected to 192.168.yyy.zzz at address 192.168.yyy.zzz:1514, port
1514
2022/06/25 11:52:43 ossec-agentd(4101): WARN: Waiting
for server reply (not started). Tried: '192.168.yyy.zzz'.
2022/06/25
12:50:57 ossec-agentd: INFO: Trying to connect to server
192.168.yyy.zzz, port 1514.
2022/06/25 12:50:57 INFO:
Connected to 192.168.yyy.zzz at address 192.168.yyy.zzz:1514, port
1514
2022/06/25 12:51:18 ossec-agentd(4101): WARN: Waiting
for server reply (not started). Tried: '192.168.yyy.zzz'.
2022/06/25
13:49:50 ossec-agentd: INFO: Trying to connect to server
192.168.yyy.zzz, port 1514.
2022/06/25 13:49:50 INFO:
Connected to 192.168.yyy.zzz at address 192.168.yyy.zzz:1514, port
1514
2022/06/25 13:50:11 ossec-agentd(4101): WARN: Waiting
for server reply (not started). Tried: '192.168.yyy.zzz'.
2022/06/25
14:49:01 ossec-agentd: INFO: Trying to connect to server
192.168.yyy.zzz, port 1514.
2022/06/25 14:49:01 INFO:
Connected to 192.168.yyy.zzz at address 192.168.yyy.zzz:1514, port
1514
2022/06/25 14:49:22 ossec-agentd(4101): WARN: Waiting
for server reply (not started). Tried: '192.168.yyy.zzz'.
2022/06/25
19:01:03 ossec-agentd: INFO: Trying to connect to server
192.168.yyy.zzz, port 1514.
2022/06/25 19:01:03 INFO:
Connected to 192.168.yyy.zzz at address 192.168.yyy.zzz:1514, port
1514
2022/06/25 19:01:25 ossec-agentd(4101): WARN: Waiting
for server reply (not started). Tried: '192.168.yyy.zzz'.
2022/06/25
20:00:51 ossec-agentd: INFO: Trying to connect to server
192.168.yyy.zzz, port 1514.
2022/06/25 20:00:51 INFO:
Connected to 192.168.yyy.zzz at address 192.168.yyy.zzz:1514, port
1514
2022/06/25 20:01:12 ossec-agentd(4101): WARN: Waiting
for server reply (not started). Tried: '192.168.yyy.zzz'.
2022/06/25
21:00:56 ossec-agentd: INFO: Trying to connect to server
192.168.yyy.zzz, port 1514.
2022/06/25 21:00:56 INFO:
Connected to 192.168.yyy.zzz at address 192.168.yyy.zzz:1514, port
1514
2022/06/25 21:01:17 ossec-agentd(4101): WARN: Waiting
for server reply (not started). Tried: '192.168.yyy.zzz'.
2022/06/25
22:01:19 ossec-agentd: INFO: Trying to connect to server
192.168.yyy.zzz, port 1514.
2022/06/25 22:01:19 INFO:
Connected to 192.168.yyy.zzz at address 192.168.yyy.zzz:1514, port
1514
2022/06/25 22:01:40 ossec-agentd(4101): WARN: Waiting
for server reply (not started). Tried: '192.168.yyy.zzz'.
2022/06/26
07:22:25 ossec-agentd: INFO: Trying to connect to server
192.168.yyy.zzz, port 1514.
2022/06/26 07:22:25 INFO:
Connected to 192.168.yyy.zzz at address 192.168.yyy.zzz:1514, port
1514
2022/06/26 07:22:46 ossec-agentd(4101): WARN: Waiting
for server reply (not started). Tried: '192.168.yyy.zzz'.
2022/06/26
09:10:03 ossec-agentd: INFO: Trying to connect to server
192.168.yyy.zzz, port 1514.
2022/06/26 09:10:03 INFO:
Connected to 192.168.yyy.zzz at address 192.168.yyy.zzz:1514, port
1514
2022/06/26 09:10:24 ossec-agentd(4101): WARN: Waiting
for server reply (not started). Tried: '192.168.yyy.zzz'.
2022/06/26
10:54:11 ossec-agentd: INFO: Trying to connect to server
192.168.yyy.zzz, port 1514.
2022/06/26 10:54:11 INFO:
Connected to 192.168.yyy.zzz at address 192.168.yyy.zzz:1514, port
1514
2022/06/26 10:54:32 ossec-agentd(4101): WARN: Waiting
for server reply (not started). Tried: '192.168.yyy.zzz'.
2022/06/26
11:55:46 ossec-agentd: INFO: Trying to connect to server
192.168.yyy.zzz, port 1514.
2022/06/26 11:55:46 INFO:
Connected to 192.168.yyy.zzz at address 192.168.yyy.zzz:1514, port
1514
2022/06/26 11:56:08 ossec-agentd(4101): WARN: Waiting
for server reply (not started). Tried: '192.168.yyy.zzz'.
2022/06/26
12:57:40 ossec-agentd: INFO: Trying to connect to server
192.168.yyy.zzz, port 1514.
2022/06/26 12:57:40 INFO:
Connected to 192.168.yyy.zzz at address 192.168.yyy.zzz:1514, port
1514
2022/06/26 12:58:01 ossec-agentd(4101): WARN: Waiting
for server reply (not started). Tried: '192.168.yyy.zzz'.
2022/06/26
14:08:48 ossec-agentd: INFO: Trying to connect to server
192.168.yyy.zzz, port 1514.
2022/06/26 14:08:48 INFO:
Connected to 192.168.yyy.zzz at address 192.168.yyy.zzz:1514, port
1514
2022/06/26 14:08:48 ossec-agentd(1218): ERROR: Unable
to send message to 'server'.
2022/06/26 14:08:55
ossec-agentd(1218): ERROR: Unable to send message to
'server'.
2022/06/26 14:09:00 ossec-agentd(1218): ERROR:
Unable to send message to 'server'.
2022/06/26 14:09:06
ossec-agentd(1218): ERROR: Unable to send message to
'server'.
2022/06/26 14:09:13 ossec-agentd(1218): ERROR:
Unable to send message to 'server'.
2022/06/26 14:09:14
ossec-agentd(4101): WARN: Waiting for server reply (not started).
Tried: '192.168.yyy.zzz'.
2022/06/26 21:28:02
ossec-agentd: INFO: Trying to connect to server 192.168.yyy.zzz, port
1514.
2022/06/26 21:28:02 INFO: Connected to
192.168.yyy.zzz at address 192.168.yyy.zzz:1514, port
1514
2022/06/26 21:28:23 ossec-agentd(4101): WARN: Waiting
for server reply (not started). Tried: '192.168.yyy.zzz'.
2022/06/26
22:30:49 ossec-agentd: INFO: Trying to connect to server
192.168.yyy.zzz, port 1514.
2022/06/26 22:30:49 INFO:
Connected to 192.168.yyy.zzz at address 192.168.yyy.zzz:1514, port
1514
2022/06/26 22:31:10 ossec-agentd(4101): WARN: Waiting
for server reply (not started). Tried: '192.168.yyy.zzz'.
2022/06/27
08:45:53 ossec-agentd: INFO: Trying to connect to server
192.168.yyy.zzz, port 1514.
2022/06/27 08:45:53 INFO:
Connected to 192.168.yyy.zzz at address 192.168.yyy.zzz:1514, port
1514
2022/06/27 08:46:14 ossec-agentd(4101): WARN: Waiting
for server reply (not started). Tried: '192.168.yyy.zzz'.
2022/06/27
09:49:16 ossec-agentd: INFO: Trying to connect to server
192.168.yyy.zzz, port 1514.
2022/06/27 09:49:16 INFO:
Connected to 192.168.yyy.zzz at address 192.168.yyy.zzz:1514, port
1514
2022/06/27 09:49:37 ossec-agentd(4101): WARN: Waiting
for server reply (not started). Tried: '192.168.yyy.zzz'.
2022/06/27
10:52:57 ossec-agentd: INFO: Trying to connect to server
192.168.yyy.zzz, port 1514.
2022/06/27 10:52:57 INFO:
Connected to 192.168.yyy.zzz at address 192.168.yyy.zzz:1514, port
1514
2022/06/27 10:53:18 ossec-agentd(4101): WARN: Waiting
for server reply (not started). Tried: '192.168.yyy.zzz'.
2022/06/27
14:23:43 ossec-agentd: INFO: Trying to connect to server
192.168.yyy.zzz, port 1514.
2022/06/27 14:23:43 INFO:
Connected to 192.168.yyy.zzz at address 192.168.yyy.zzz:1514, port
1514
2022/06/27 14:24:04 ossec-agentd(4101): WARN: Waiting
for server reply (not started). Tried: '192.168.yyy.zzz'.
2022/06/27
15:13:49 ossec-agent: INFO: Unable to set service
information.
2022/06/27 15:16:04 ossec-agent: INFO: Unable
to set service information.
2022/06/27 15:16:20
ossec-agent: INFO: Unable to set service information.
2022/06/27
15:17:26 manage_agents: ERROR: Cannot unlink rids/sender: Permission
denied
2022/06/27 15:28:00 ossec-agentd: INFO: Trying to
connect to server 192.168.yyy.zzz, port 1514.
2022/06/27
15:28:00 INFO: Connected to 192.168.yyy.zzz at address
192.168.yyy.zzz:1514, port 1514
2022/06/27 15:28:21
ossec-agentd(4101): WARN: Waiting for server reply (not started).
Tried: '192.168.yyy.zzz'.
2022/06/27 16:40:30
ossec-agentd: INFO: Trying to connect to server 192.168.yyy.zzz, port
1514.
2022/06/27 16:40:30 INFO: Connected to
192.168.yyy.zzz at address 192.168.yyy.zzz:1514, port
1514
2022/06/27 16:40:51 ossec-agentd(4101): WARN: Waiting
for server reply (not started). Tried: '192.168.yyy.zzz'.
2022/06/27
19:13:20 ossec-agent: INFO: Unable to set service
information.
2022/06/27 20:09:18 ossec-agentd: INFO:
Trying to connect to server 192.168.yyy.zzz, port 1514.
2022/06/27
20:09:18 INFO: Connected to 192.168.yyy.zzz at address
192.168.yyy.zzz:1514, port 1514
2022/06/27 20:09:39
ossec-agentd(4101): WARN: Waiting for server reply (not started).
Tried: '192.168.yyy.zzz'.
### The following shows I can
troubleshoot, but OSSEC+ got me stumped:
Trying to install and use OSSEC. OSSEC is an Intrusion Detection System (IDS), important to Security’s Protection in Depth. OSSEC has two parts: server and agent. Installed both parts. Both parts need to communicate with each other. But my server and agent did not communicate with each other. Why: install/config of parts? Firewall between them? Unknown? Unknown unknown? Ghosts? Conspiracies? Let’s investigate. Note to file: today’s date 2202-06-21.
First google was for ‘tshark’. Tshark offers to capture and display network communications. Just what is needed.
Second google was for ‘tshark install ubuntu 20.04’. Reviewed several of google’s matches. All said ask your ubuntu for ‘apt install tshark’. That erred out with “'~wireshark-dev' user or team does not exist.” Well, had previously ‘apted’ multiple times, over time, and never before seen this error. Double checked spelling. No problems there.
Third google was for “'~wireshark-dev' user or team does not exist.” Reviewed many of google’s matches. Many said ask your ubuntu for ‘sudo add-apt-repository -y ppa:wireshark-dev/stable’. But that erred out with ‘Cannot add PPA: wireshark-dev/stable’. Double checked spelling and reading. No problems there. After too much puzzlement, decided maybe what was missing was a user called ‘wireshark-dev’ and/or a group also called wireshark-dev. No previous apt had needed me to addgroup or adduser. But, there’s always a first time. But, what group/user options might be required? Google unable to help. Decided to adduser wireshark-dev, nice and simple, nothing fancy. Interestingly, adduser also added group. Nice.
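With user/group added, then add-apt-repository worked. (Caveat: the ‘~wireshark-dev’ in that error names the Launchpad team that owns the PPA, not a local account, so the new local user is probably unrelated to the fix; the Launchpad lookup more likely failed for another reason, such as a network, proxy or certificate problem, and then recovered. An account that nothing needs is best removed again.)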
With repository added, then tshark installed.
### - End of Post
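With tshark installed, was able to see communication between server and agent. However, did not see any UDP traffic, which was implied in the agent’s logs. So maybe I’ve still got at least one more firewall misconfiguration. (Isn’t life grand?) Worth checking next: OSSEC agents talk to the server on port 1514, UDP by default, so the server’s firewall has to allow inbound UDP 1514 and capturing on both hosts shows where the packets stop; the agent’s ‘Connected’ line does not prove a reply came back, and ‘Waiting for server reply (not started)’ can also mean the agent key was never imported or does not match the one on the server. Note to file: today’s date is 2022-06-26.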
###
Trying to install and use OSSEC. OSSEC is an Intrusion Detection System (IDS), important to Security’s Protection in Depth. OSSEC has two parts: server and agent. Installed both parts. Both parts need to communicate with each other. But my server and agent did not communicate with each other. Why: install/config of parts? Firewall between them? Unknown? Unknown unknown? Ghosts? Conspiracies? Let’s investigate. Note to file: today’s date 2202-06-21.
First google was for ‘tshark’. Tshark offers to capture and display network communications. Just what is needed.
Second google was for ‘tshark install ubuntu 20.04’. Reviewed several of google’s matches. All said ask your ubuntu for ‘apt install tshark’. That erred out with “'~wireshark-dev' user or team does not exist.” Well, had previously ‘apted’ multiple times, over time, and never before seen this error. Double checked spelling. No problems there.
Third google was for “'~wireshark-dev' user or team does not exist.” Reviewed many of google’s matches. Many said ask your ubuntu for ‘sudo add-apt-repository -y ppa:wireshark-dev/stable’. But that erred out with ‘Cannot add PPA: wireshark-dev/stable’. Double checked spelling and reading. No problems there. After too much puzzlement, decided maybe what was missing was a user called ‘wireshark-dev’ and/or a group also called wireshark-dev. No previous apt had needed me to addgroup or adduser. But, there’s always a first time. But, what group/user options might be required? Google unable to help. Decided to adduser wireshark-dev, nice and simple, nothing fancy. Interestingly, adduser also added group. Nice.
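With user/group added, then add-apt-repository worked. (Caveat: the ‘~wireshark-dev’ in that error names the Launchpad team that owns the PPA, not a local account, so the new local user is probably unrelated to the fix; the Launchpad lookup more likely failed for another reason, such as a network, proxy or certificate problem, and then recovered. An account that nothing needs is best removed again.)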
With repository added, then tshark installed.
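With tshark installed, was able to see communication between server and agent. However, did not see any UDP traffic, which was implied in the agent’s logs. So maybe I’ve still got at least one more firewall misconfiguration. (Isn’t life grand?) Worth checking next: OSSEC agents talk to the server on port 1514, UDP by default, so the server’s firewall has to allow inbound UDP 1514 and capturing on both hosts shows where the packets stop; the agent’s ‘Connected’ line does not prove a reply came back, and ‘Waiting for server reply (not started)’ can also mean the agent key was never imported or does not match the one on the server. Note to file: today’s date is 2022-06-26.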