The OSSEC client (agent) and server communicate over UDP port 1514, so we need to test message passing over UDP.
To confirm that the OSSEC network connections exist, run the command below:
# netstat -putan | grep ossec
There must be results on both the server and the client.
Here it is on the server:
Here it is on the client (agent):
To check if ossec-server is receiving data on port 1514:
# ngrep -q -d any port 1514
Then send a message from the client side:
# logger --server 192.168.100.184 --port 1514 "myserver myprogram: the message from madhuka"
You will find it on the server side.
Let's check that our client is monitored in the OSSIM server. I will try to generate some failed logins for testing, and they show up in the web interface.
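The netstat check above can be scripted so that it passes or fails instead of being read by eye. The following is an added example, not part of the original post: the function name check_ossec_udp is hypothetical, and the sample netstat lines (PIDs, the agent address 192.168.100.50, the other processes) are constructed for illustration.

```shell
#!/bin/sh
# Added example. Reads `netstat -putan` output on stdin and exits 0 when an
# ossec process owns a UDP socket on the expected side of port 1514.
# Live use:  netstat -putan | check_ossec_udp server
check_ossec_udp() {
    role=$1
    port=${2:-1514}
    case $role in
        server|agent) ;;
        *) echo "role must be server or agent" >&2; return 2 ;;
    esac
    awk -v role="$role" -v port="$port" '
        # Columns: Proto Recv-Q Send-Q Local Foreign [State] PID/Program
        $1 ~ /^udp/ && $NF ~ /ossec/ {
            n = split($4, l, ":"); m = split($5, f, ":")
            if (role == "server" && l[n] == port) found = 1  # listening socket
            if (role == "agent"  && f[m] == port) found = 1  # socket towards the server
        }
        END { exit(found ? 0 : 1) }
    '
}

# Constructed sample output for the server side.
sample_server_netstat() { cat <<'EOF'
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      812/sshd
udp        0      0 0.0.0.0:1514            0.0.0.0:*                           1432/ossec-remoted
EOF
}

# Constructed sample output for the agent side.
sample_agent_netstat() { cat <<'EOF'
udp        0      0 0.0.0.0:68              0.0.0.0:*                           640/dhclient
udp        0      0 192.168.100.50:41852    192.168.100.184:1514    ESTABLISHED 2210/ossec-agentd
EOF
}

# Demo on the constructed samples.
for role in server agent; do
    if "sample_${role}_netstat" | check_ossec_udp "$role"; then
        echo "$role: ossec UDP socket on port 1514 found"
    else
        echo "$role: no ossec UDP socket on port 1514"
    fi
done
```

A non-zero exit on either host means the ngrep and logger steps will not show agent traffic either, so check the OSSEC processes and firewall rules first.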