Ok, using this http://www.mail-archive.com/ossec-list@googlegroups.com/msg02964.html, I was able to troubleshoot the issue.

I have installed over an ossec install, and I thought I had my agents
already added, but apparently they weren't!

Thanks for your time!

-Anapologetos

On Jun 1, 12:15 pm, "dan (ddp)" <ddp...@gmail.com> wrote:
> What ossec processes are running on the server?
> Have you tried running tcpdump on the server to see if the packets are
> making it?
> Anything in the logs of the server or agents that might be useful in
> tracking down the issue?
>
>
>
> On Tue, Jun 1, 2010 at 11:50 AM, Anapologetos <joshbro...@gmail.com> wrote:
> > I have installed ossec 2.4 on Ubuntu Lucid as a Server install.  I am
> > trying to connect Server 2008 agents to it, but I continue to get
> > "waiting for server reply" errors on the agents.  I have disabled all
> > firewalls in between the servers.
>
> > When I run netstat on the ossec server, I don't even see any udp/tcp
> > port 1514 listening:
> > ============================
> >  netstat -ltpan
> > Active Internet connections (servers and established)
> > Proto Recv-Q Send-Q Local Address           Foreign Address
> > State       PID/Program name
> > tcp        0      0 0.0.0.0:22              0.0.0.0:*
> > LISTEN      -
> > tcp        0      0 127.0.0.1:631           0.0.0.0:*
> > LISTEN      -
> > tcp        0      0 0.0.0.0:25              0.0.0.0:*
> > LISTEN      -
> > tcp        0     52 192.168.65.190:22       192.168.65.18:2432
> > ESTABLISHED -
> > tcp6       0      0 :::5900                 :::*
> > LISTEN      2640/vino-server
> > tcp6       0      0 :::22                   :::*
> > LISTEN      -
> > tcp6       0      0 ::1:631                 :::*
> > LISTEN      -
>
> > ******...@**********:~/ossec-hids-2.4$ netstat -lupan
> > Active Internet connections (servers and established)
> > Proto Recv-Q Send-Q Local Address           Foreign Address
> > State       PID/Program name
> > udp        0      0 0.0.0.0:5353
> > 0.0.0.0:*                           -
> > udp        0      0 0.0.0.0:56197           0.0.0.0:*
> > =============================
>
> > What am I doing wrong?
