ossec / ossec-hids

OSSEC is an Open Source Host-based Intrusion Detection System that performs log analysis, file integrity checking, policy monitoring, rootkit detection, real-time alerting and active response.
http://www.ossec.net

Agent table does not get populated #2073

Open ensimek opened 1 year ago

ensimek commented 1 year ago

Hi there! Got a setup of 3 Debian based servers.

A -> Server/Agent/Local with database logging
B -> Agent connecting to A
C -> Agent connecting to A

Connection is fine as you can see:

./agent_control -l
OSSEC HIDS agent_control. List of available agents:
   ID: 000, Name: A (server), IP: 127.0.0.1, Active/Local
   ID: 001, Name: B, IP: 1.1.1.1, Active
   ID: 002, Name: C, IP: 1.1.1.2, Active

However, when I look at the database, the agent table remains empty. The server table has only one local server in it. What can I do to start logging alerts from agents?

wolle604 commented 1 year ago

Hey,

Alerts are stored in a different table. The insertion of the agents' information seems not to be implemented. I built a solution with the JSON output of an OSSEC program; my Python script just decodes the data from the JSON file and inserts it into my database.

Best wishes
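
A sketch of the kind of sync script described in the comment above, added here as an example; it is not wolle604's script and not part of OSSEC. It parses the plain-text `agent_control -l` listing quoted in the issue rather than JSON output, and the SQLite database and `agent_inventory` table are assumptions chosen so it runs stand-alone.

```python
import re
import sqlite3

# Constructed sample: the `agent_control -l` listing quoted in the issue above.
SAMPLE_LISTING = """\
OSSEC HIDS agent_control. List of available agents:
   ID: 000, Name: A (server), IP: 127.0.0.1, Active/Local
   ID: 001, Name: B, IP: 1.1.1.1, Active
   ID: 002, Name: C, IP: 1.1.1.2, Active
"""

AGENT_LINE = re.compile(
    r"^\s*ID:\s*(?P<id>\d+),\s*Name:\s*(?P<name>.+?),"
    r"\s*IP:\s*(?P<ip>[^,\s]+),\s*(?P<status>\S.*?)\s*$"
)
SERVER_SUFFIX = " (server)"


def parse_agents(listing):
    """Return one dict per agent line; banner and blank lines are skipped."""
    agents = []
    for line in listing.splitlines():
        match = AGENT_LINE.match(line)
        if not match:
            continue
        agent = match.groupdict()
        agent["is_server"] = agent["name"].endswith(SERVER_SUFFIX)
        if agent["is_server"]:
            agent["name"] = agent["name"][: -len(SERVER_SUFFIX)]
        agents.append(agent)
    return agents


def sync_agents(conn, agents):
    """Upsert remote agents into agent_inventory (hypothetical table, not OSSEC's schema)."""
    conn.execute(
        "CREATE TABLE IF NOT EXISTS agent_inventory ("
        "id TEXT PRIMARY KEY, name TEXT NOT NULL, ip TEXT NOT NULL, status TEXT NOT NULL)"
    )
    # The local manager (ID 000) is skipped: the issue shows it already in `server`.
    rows = [(a["id"], a["name"], a["ip"], a["status"]) for a in agents if not a["is_server"]]
    # Bound parameters keep agent names from being interpreted as SQL.
    conn.executemany("INSERT OR REPLACE INTO agent_inventory VALUES (?, ?, ?, ?)", rows)
    conn.commit()
    return len(rows)


if __name__ == "__main__":
    db = sqlite3.connect(":memory:")
    print(sync_agents(db, parse_agents(SAMPLE_LISTING)), "agents synced")
```

Run periodically, re-syncing replaces each row by agent ID, so status changes overwrite the previous value instead of creating duplicates.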