On Fri, Aug 24, 2012 at 4:38 PM, Michael Barrett <michael_barr...@mgic.com> wrote: > > > There shouldn't be any other agents trying to use that IP > > This device only has one IP > > Is there a log that will tell me the IP that the agent is using to > communicate with the server?
Not that I'm aware of. Check for duplicates in the client.keys file as well. > ____________________________________________ > Michael Barrett | Information Security Analyst - Lead | Mortgage Guaranty > Insurance Corporation > 270 E. Kilbourn Ave. | Milwaukee, WI 53202 USA | ( 1.414.347.6271 | 7 > 1.888.601.4440 | * michael_barr...@mgic.com > > This message is intended for use only by the person(s) addressed above and > may contain privileged and confidential information. Disclosure or use of > this message by any other person is strictly prohibited. If this message is > received in error, please notify the sender immediately and delete this > message. > > > > From: "dan (ddp)" <ddp...@gmail.com> > To: ossec-list@googlegroups.com > Date: 08/24/2012 12:12 PM > Subject: Re: [ossec-list] 2.5.1 > Sent by: ossec-list@googlegroups.com > > ________________________________ > > > > On Fri, Aug 24, 2012 at 12:42 PM, Michael Barrett > <michael_barr...@mgic.com> wrote: > > > > > > OK > > > > using ANY, the agent connects > > > > > > SO what does this tell us? > > ____________________________________________ > > There are a few possibilities (and probably others I'm not thinking > of). Is it possible that the agent's IP is being used by multiple > agents? All agents need unique IP addresses. Could the agent be trying > to communicate using a different IP than the one assigned to it in > manage_agents? > > > Michael Barrett | Information Security Analyst - Lead | Mortgage > > Guaranty > > Insurance Corporation > > 270 E. Kilbourn Ave. | Milwaukee, WI 53202 USA | ( 1.414.347.6271 | 7 > > 1.888.601.4440 | * michael_barr...@mgic.com > > > > This message is intended for use only by the person(s) addressed above > > and > > may contain privileged and confidential information. Disclosure or use > > of > > this message by any other person is strictly prohibited. If this message > > is > > received in error, please notify the sender immediately and delete this > > message. > > > > > > > > From: "dan (ddp)" <ddp...@gmail.com> > > To: ossec-list@googlegroups.com > > Date: 08/24/2012 09:51 AM > > Subject: Re: [ossec-list] 2.5.1 > > Sent by: ossec-list@googlegroups.com > > > > ________________________________ > > > > > > > > As an experiment, try removing the agent with manage_agents. Then > > re-add it, but for the IP address try entering 'any' (without the > > quotes). > > Then export the key, import the key on the agent, restart, etc. > > > > On Fri, Aug 24, 2012 at 10:41 AM, Michael Barrett > > <michael_barr...@mgic.com> wrote: > > > > > > > > > I turned logall on, doesn't seem to make a difference in the message > > > > > > How do I turn debug on? > > > > > > > > > > > > ____________________________________________ > > > Michael Barrett | Information Security Analyst - Lead | Mortgage > > > Guaranty Insurance Corporation > > > 270 E. Kilbourn Ave. | Milwaukee, WI 53202 USA | ( 1.414.347.6271 | 7 > > > 1.888.601.4440 | * michael_barr...@mgic.com > > > > > > This message is intended for use only by the person(s) addressed above > > > and may contain privileged and confidential information. Disclosure or > > > use > > > of this message by any other person is strictly prohibited. If this > > > message > > > is received in error, please notify the sender immediately and delete > > > this > > > message. > > > > > > > > > > > > From: "dan (ddp)" <ddp...@gmail.com> > > > To: ossec-list@googlegroups.com > > > Date: 08/21/2012 11:40 AM > > > Subject: Re: [ossec-list] 2.5.1 > > > Sent by: ossec-list@googlegroups.com > > > > > > ________________________________ > > > > > > > > > > > > On Tue, Aug 21, 2012 at 12:36 PM, Michael Barrett > > > <michael_barr...@mgic.com> wrote: > > > > > > > > > > > > So if re-installing doesn't work, any ideas of what I can try? > > > > ____________________________________________ > > > > > > > > > Could there be a networking device messing things up in between? Is > > > this the only system having issues? Turn on logall on the server? Turn > > > on debug on the server? Try to add to the log message to get the > > > initial incorrectly formatted message? > > > > > > > Michael Barrett | Information Security Analyst - Lead | Mortgage > > > > Guaranty > > > > Insurance Corporation > > > > 270 E. Kilbourn Ave. | Milwaukee, WI 53202 USA | ( 1.414.347.6271 | > > > > 7 > > > > 1.888.601.4440 | * michael_barr...@mgic.com > > > > > > > > This message is intended for use only by the person(s) addressed > > > > above > > > > and > > > > may contain privileged and confidential information. Disclosure or > > > > use > > > > of > > > > this message by any other person is strictly prohibited. If this > > > > message is > > > > received in error, please notify the sender immediately and delete > > > > this > > > > message. > > > > > > > > > > > > > > > > From: "dan (ddp)" <ddp...@gmail.com> > > > > To: ossec-list@googlegroups.com > > > > Date: 08/21/2012 11:15 AM > > > > Subject: Re: [ossec-list] 2.5.1 > > > > Sent by: ossec-list@googlegroups.com > > > > > > > > ________________________________ > > > > > > > > > > > > > > > > On Tue, Aug 21, 2012 at 11:18 AM, Michael Barrett > > > > <michael_barr...@mgic.com> wrote: > > > > > > > > > > Is this the only agent on this network? Could there be a > > > > > networking > > > > > device messing things up in between? Is this the only host having > > > > > issues? Is the server listening on multiple networks? What does > > > > > v2.5.1 > > > > > have to do with this? > > > > > > > > > > > > > > > No this isn't the only host > > > > > > > > > > The server is only listening on one IP > > > > > > > > > > The agent has 2.5.1 and we are not ready to go to 2.6 and i wanted > > > > > a > > > > > fresh > > > > > install > > > > > ________________________________ > > > > > > > > What are you going to do when 2.7 comes out? Wait till 2.8 is almost > > > > ready? > > > > > > > > ____________ > > > > > Michael Barrett | Information Security Analyst - Lead | Mortgage > > > > > Guaranty > > > > > Insurance Corporation > > > > > 270 E. Kilbourn Ave. | Milwaukee, WI 53202 USA | ( 1.414.347.6271 > > > > > | > > > > > 7 > > > > > 1.888.601.4440 | * michael_barr...@mgic.com > > > > > > > > > > This message is intended for use only by the person(s) addressed > > > > > above > > > > > and > > > > > may contain privileged and confidential information. Disclosure or > > > > > use > > > > > of > > > > > this message by any other person is strictly prohibited. If this > > > > > message > > > > > is > > > > > received in error, please notify the sender immediately and delete > > > > > this > > > > > message. > > > > > > > > > > > > > > > > > > > >