The IP is correct no nat, The agent is a VM running on a KVM host, getting its network from a Bridge interface. Just like the other 3 vm's which are working perfectly.
IP is unique key was copied/pasted from the master. On Wednesday, August 8, 2012 3:00:48 PM UTC-4, dan (ddpbsd) wrote: > > On Wed, Aug 8, 2012 at 2:53 PM, Nate <yjn...@gmail.com <javascript:>> > wrote: > > I've found a number of references to this error message, none of them > seem > > to be helping me though. > > > > I've recently setup an ossec manager, with four agents. Ossec 2.6, > Fedora 15 > > on the manager, and the four agents are all CentOS 6. > > > > I added all of the agents by generating keys, restarting ossec on the > > manager, and then importing the keys on each agent individually. > > > > On one of the agents, I messed up its IP address on the manager when i > > generated its key. So i deleted that key, and generated a new one, with > a > > new id, and imported that key on the agent. It joined the master, and > all > > appeared well. > > > > That agent keeps generating the following error in my ossec.log on the > > master however. > > > > 2012/08/08 18:40:57 ossec-remoted(1403): ERROR: Incorrectly formated > message > > from 'ip of agent'. > > > > I've gone as far as to remove the agent's key on the master, completely > > remove ossec on the agent, generate a new key on the master, even with a > new > > agent name, reinstall ossec on the agent, and import the new key, it > still > > generates these errors. > > > > Every report of this error i've found has been related to keys, which is > why > > i've focused on the keys up until now. However after my last step > (removing > > and reinstalling ossec ont he agent), i cant see how it could still be > the > > key, unless something isnt clearing on the master. > > > > What can i try next? > > > > Are you sure you got the IP address correct? There are no NAT devices > between the agent and the manager? The IP used by that agent is > unique? You didn't fat finger the key? >
