On Mon, Jan 10, 2011 at 5:48 PM, Billy McCarthy <bi...@tripitinc.com> wrote: > > > On Mon, Jan 10, 2011 at 2:15 PM, dan (ddp) <ddp...@gmail.com> wrote: >> >> Is ossec-remoted running on the manager? >> After adding the agent through the manage_agents application, did you >> restart the OSSEC processes on the manager? >> Are there any error messages on the manager that might be useful in >> troubleshooting this? > > Remoted is definitely running on the manager and i've restarted all of the > ossec process on that machine a few times. No error messages on the > manager. I even tried killing remoted and starting up with '-f -d' options > and didn't see anything at all, despite being able to see traffic on that > machine arriving at port 1514. > > I've removed the packages from the client machine and have reinstalled via > the tarball. I have also tried running remoted on 514, instead of 1514. > Still not able to get the client to connect. >
How do you know the agent hasn't connected? Just the error messages on the agent side? Are there multiple IP addresses on the manager? Is ossec-remoted binding to the correct one? Is there udp traffic going from the manager:1514 to the agent? Can you post the <remote> section of the manager's ossec.conf? Obfuscate any IP addresses you don't want to be public. :)