Friday, June 17, 2016

Testing Log forwarding in OSSEC

The OSSEC client (agent) and server communicate over UDP port 1514, so we need to test message passing over UDP.

To check that the OSSEC network connections are present, run the command below:

# netstat -putan | grep ossec

There must be results on both the server and the client.

Here it is on the server:

[Screenshot: netstat output on the server]

Here it is on the client (agent):

[Screenshot: netstat output on the client]
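The same netstat check in a role-aware form, as an added example that is not part of the original post. It reads `netstat -putan` output and confirms that an ossec process owns the expected UDP socket on port 1514; the process names ossec-remoted and ossec-agentd, the agent address 192.168.100.10 and the sample rows are constructed for illustration.

```sh
#!/bin/sh
# Added example: role-aware version of `netstat -putan | grep ossec`.
# Reads netstat output on stdin; succeeds only if an ossec process owns
# the expected UDP socket on port 1514.
#   server: local address ends in :1514 (daemon is bound to the port)
#   agent : foreign address ends in :1514 (socket points at the server)
check_ossec_sockets() {
    awk -v role="$1" -v port=1514 '
        $1 !~ /^udp/   { next }         # UDP rows only (udp, udp6)
        $NF !~ /ossec/ { next }         # last column is PID/Program name
        {
            n = split($4, loc, ":"); lport = loc[n]   # local port
            n = split($5, rem, ":"); rport = rem[n]   # foreign port
            if (role == "server" && lport == port) found = 1
            if (role == "agent"  && rport == port) found = 1
        }
        END { exit !found }
    '
}

# Constructed sample output (not captured from a real host).
SERVER_SAMPLE='tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      901/sshd
udp        0      0 0.0.0.0:1514            0.0.0.0:*                           1520/ossec-remoted'
AGENT_SAMPLE='tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      877/sshd
udp        0      0 192.168.100.10:48211    192.168.100.184:1514    ESTABLISHED 2210/ossec-agentd'

report() {   # report ROLE TEXT -> prints "ROLE: ok" or "ROLE: missing"
    if printf '%s\n' "$2" | check_ossec_sockets "$1"; then
        echo "$1: ok"
    else
        echo "$1: missing"
    fi
}

report server "$SERVER_SAMPLE"
report agent  "$AGENT_SAMPLE"
# On a live host, as root: netstat -putan | check_ossec_sockets server
```

Run netstat as root on the live host; without it the PID/Program column shows "-" and the check reports the socket as missing.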

To check if ossec-server is receiving data on port 1514:

# ngrep -q -d any port 1514

[Screenshot: ngrep listening on port 1514]

Then send a message from the client side:

# logger --server 192.168.100.184 --port 1514 "myserver myprogram: the message from madhuka"

[Screenshot: logger command run on the client]

You will find it on the server side:

[Screenshot: the message captured on the server]

Let's check that our client is monitored in the OSSIM server. I will try to make some login failures for testing, and they show up in the web interface.

[Screenshots: web interface]
