Hello, We have installed OSSEC 2.7 on a CentOS machine which is working fine with several Windows and Linux agents. We are trying to install the OSSEC 2.7 agent package on a Windows 2008 server which goes well but at end, after the manual agent config (ip and secret) and restarting of the service, we still see that the agent is never connected:
*On the OSSEC server:* ID: 1368, Name: server001, IP: x.x.x.x, *Never connected* *On the agent *in c:\program files(x86)\ossec-agent\ossec.log we see: 2013/04/17 11:17:16 ossec-agent(4102): INFO: *Connected to the server (*server ip*:1514)*. 2013/04/17 11:17:16 ossec-agent: INFO: System is Vista or Windows Server 2008. 2013/04/17 11:17:16 ossec-agent(1951): INFO: Analyzing event log: 'Application'. 2013/04/17 11:17:16 ossec-agent(1951): INFO: Analyzing event log: 'Security'. 2013/04/17 11:17:17 ossec-agent(1951): INFO: Analyzing event log: 'System'. 2013/04/17 11:17:17 ossec-agent: INFO: Started (pid: 6984). 2013/04/17 11:18:15 ossec-agent: INFO: Starting syscheck scan (forwarding database). 2013/04/17 11:18:15 ossec-agent: INFO: Starting syscheck database (pre-scan). This is strange, we checked the connection (connection can be made to server udp 1514) but we don't see anything in the servers logfile in /var/ossec/log/ossec.log Is there anything we can do to further investigate? Service seems to be running fine and the OSSEC agent logfile shows that nothing is broken but the server never sees the succesful connection. Michiel -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
