how to open port in linux, ossec client cannot connect

anyone aware of ossec log monitoring software?

i have installed ossec to ubuntu 9 server edition
ubuntu is with default installation, only ossec i installed

ossec is using port 1514 to communicate with clients, from a client pc i telnet to 1514, cannot connect

in server i check
root@ossec:/var/ossec/etc# netstat -an | grep LISTEN
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:445             0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:139             0.0.0.0:*               LISTEN
tcp6       0      0 :::22                   :::*                    LISTEN
unix  2      [ ACC ]     STREAM     LISTENING     4527     /tmp/.winbindd/pipe
unix  2      [ ACC ]     STREAM     LISTENING     2747     @/com/ubuntu/upstart
unix  2      [ ACC ]     STREAM     LISTENING     4529     /var/run/samba/winbindd_privileged/pipe
unix  2      [ ACC ]     STREAM     LISTENING     4365     /tmp/.lwidentity/pipe
unix  2      [ ACC ]     STREAM     LISTENING     4367     /var/lib/likewise-open/lwidentity_privile
ged/pipe
root@ossec:/var/ossec/etc#

wats the command to open port 1514?
ammadeyy2020Asked:
Who is Participating?

[Webinar] Streamline your web hosting managementRegister Today

x
 
TobiasHolmConnect With a Mentor Commented:
Hi!

"Remember to open the port 1514 (UDP) if there is a firewall between the server and the agents (if you didn’t choose the local installation)."

To open port in the firewall, follow this document: https://help.ubuntu.com/community/IptablesHowTo

To allow incoming traffic on the port 1514 UDP:

$ sudo iptables -A INPUT -p udp --dport 1514 -j ACCEPT

To check the firewall rules:

$ sudo iptables -L

Regards, Tobias
0
 
ajay_mhasalConnect With a Mentor Commented:
HI,

After having a look at the output of netstat command it seem that the ossec service is not running and you should start it using command

/var/ossec/bin/ossec-control start

As even it you configure the firewall and block the port it must be displayed in netstat output in Listen state on the host. Hence try to start the service of ossec.
0
 
ammadeyy2020Author Commented:
attached screenshort, service is already running
1.png
0
SMB Security Just Got a Layer Stronger

WatchGuard acquires Percipient Networks to extend protection to the DNS layer, further increasing the value of Total Security Suite.  Learn more about what this means for you and how you can improve your security with WatchGuard today!

 
gmckeown99Connect With a Mentor Commented:
Those ports are SSH and Samba. Use netstat -atup. OSSEC uses UDP port 1415, not TCP.

Remember to open the port 1514 (UDP) if there is a firewall between the server and the agents.

0
 
ammadeyy2020Author Commented:
hi
iptables -L shows udp port 1514 is open

since the question i asked is about how to open port in linux i will close this question and open new question regarding ossec issue
0
 
gmckeown99Commented:
You don't "open" a port in Linux. It is OSSEC that listens for connections on a particular port. Try disabling iptables to rule out the port being blocked /etc/init.d/iptables stop.

Did you run netstat -atup ?

Don't filter just for "LISTEN" as you may have a connection that is in the "ESTABLISHED" state.
0
All Courses

From novice to tech pro — start learning today.