I just upgraded to v0.9.2 and now my Solaris Agent is not connecting to my Linux server.
I checked the iptables on the server and it looks like the server should be able to communicate just fine on port 514. But when I go to the agent it shows this in the logs.

2006/09/28 10:20:42 ossec-agentd: Started (pid: 27260).
2006/09/28 10:20:42 ossec-agentd: Connecting to server (10.1.1.13:1514).
2006/09/28 10:20:45 ossec-syscheckd: Started (pid: 27268).
2006/09/28 10:20:49 ossec-logcollector(1950): Analyzing file: '/var/log/authlog'.
2006/09/28 10:20:49 ossec-logcollector(1950): Analyzing file: '/var/log/syslog'.
2006/09/28 10:20:49 ossec-logcollector: Started (pid: 27264).
2006/09/28 10:20:57 ossec-agentd(4101): Waiting for server reply (not started).
2006/09/28 10:21:13 ossec-agentd(4101): Waiting for server reply (not started).
2006/09/28 10:21:44 ossec-agentd(4101): Waiting for server reply (not started).
2006/09/28 10:22:30 ossec-agentd(4101): Waiting for server reply (not started).
2006/09/28 10:23:31 ossec-agentd(4101): Waiting for server reply (not started).
2006/09/28 10:24:47 ossec-agentd(4101): Waiting for server reply (not started).
2006/09/28 10:26:18 ossec-agentd(4101): Waiting for server reply (not started).
2006/09/28 10:28:05 ossec-agentd(4101): Waiting for server reply (not started).

Was there a change in the new version on the port? Is there a typo? Why does it say Connecting to server (10.1.1.13:1514)? Or am I barking up the wrong tree here?

--
Brian Avis
SEARHC Medical Clinic
Juneau, AK 99801
(907) 463-4049
Have a nice diurnal anomaly!
