On Mon, Jan 10, 2011 at 6:48 PM, Billy McCarthy <bi...@tripitinc.com> wrote:
>
>
> On Mon, Jan 10, 2011 at 3:23 PM, dan (ddp) <ddp...@gmail.com> wrote:
>>
>> <allowed-ips> is only necessary for syslog connection types.
>>
>> It's very odd that there are no logs in the manager's ossec.log that
>> relate to this agent. Is iptables turned off, or did you add a hole
>> for UDP 1514 into the ruleset?
>>
>> The only thing I can think of right now is deleting the agent and
>> re-adding it via manage_agents on the manager (make sure you re-export
>> the key and re-import it into the agent).
>>
>
> Ok, I'm willing to admit it, I'm an idiot. I've looked at the iptables
> listing at least a dozen times today and kept seeing the very first entry as
> accepting traffic from anywhere to any port over 1024, not just DNS traffic.
> ACCEPT udp -- any any anywhere anywhere udp spt:domain dpts:1024:65535
>
> Thank you so much for your help, and patience. I'm going to blame this on
> the cold that kept me on the couch for half of last week.
>
> --
> Billy McCarthy
> Site Operations Engineer
> http://www.tripit.com
>

No worries, I blame many of the world's problems on iptables. Glad it's working. ;)
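
The misreading described in this thread, as an added example that is not part of the original messages: a small Python evaluator for listing lines laid out like the one quoted above, showing that `spt:domain dpts:1024:65535` only admits packets whose source port is 53. The second and third rules in the chains, the `SERVICES` table and source port 40000 are constructed for illustration, and address and interface columns are assumed to be `anywhere`/`any`.

```python
import re

# Service names as iptables prints them without -n (constructed subset).
SERVICES = {"domain": 53}

def _port_range(spec):
    """'domain' -> (53, 53); '1024:65535' -> (1024, 65535)."""
    lo, _, hi = spec.partition(":")
    to_int = lambda p: SERVICES[p] if p in SERVICES else int(p)
    return to_int(lo), to_int(hi or lo)

def parse_rule(line):
    """Parse: target prot opt in out source destination [match options...]"""
    fields = line.split()
    ports = {"src": None, "dst": None}
    for tok in fields[7:]:
        m = re.fullmatch(r"(s|d)pts?:(\S+)", tok)
        if m:
            ports["src" if m.group(1) == "s" else "dst"] = _port_range(m.group(2))
    return fields[0], fields[1], ports

def rule_matches(line, proto, sport, dport):
    """True only if the packet satisfies every port condition of the rule."""
    _, rule_proto, ports = parse_rule(line)
    if rule_proto not in (proto, "all"):
        return False
    for key, value in (("src", sport), ("dst", dport)):
        rng = ports[key]
        if rng is not None and not rng[0] <= value <= rng[1]:
            return False
    return True

def first_match(chain, proto, sport, dport, policy="DROP"):
    """Return the target of the first matching rule, else the chain policy."""
    for line in chain:
        if rule_matches(line, proto, sport, dport):
            return line.split()[0]
    return policy

# First rule is the one quoted in the thread; the others are constructed.
DNS_REPLY_RULE = "ACCEPT udp -- any any anywhere anywhere udp spt:domain dpts:1024:65535"
AGENT_RULE = "ACCEPT udp -- any any anywhere anywhere udp dpt:1514"
CATCH_ALL = "DROP all -- any any anywhere anywhere"
CHAIN_BEFORE = [DNS_REPLY_RULE, CATCH_ALL]
CHAIN_AFTER = [DNS_REPLY_RULE, AGENT_RULE, CATCH_ALL]

if __name__ == "__main__":
    # Agent traffic: UDP from an ephemeral source port to 1514 on the manager.
    print("before:", first_match(CHAIN_BEFORE, "udp", 40000, 1514))
    print("after: ", first_match(CHAIN_AFTER, "udp", 40000, 1514))
```
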