2014/10/13 10:19:11 ossec-remoted(1403): ERROR: Incorrectly formated message from 'any'. 2014/10/13 10:19:13 ossec-remoted(1408): ERROR: Invalid ID for the source ip: '10.50.107.21'. 2014/10/13 10:19:16 ossec-remoted(1408): ERROR: Invalid ID for the source ip: '10.50.107.20'. 2014/10/13 10:19:16 ossec-remoted(1403): ERROR: Incorrectly formated message from 'any'. 2014/10/13 10:19:17 ossec-remoted(1408): ERROR: Invalid ID for the source ip: '10.50.107.21'. 2014/10/13 10:19:22 ossec-remoted(1408): ERROR: Invalid ID for the source ip: '10.50.107.20'. 2014/10/13 10:19:22 ossec-remoted(1403): ERROR: Incorrectly formated message from 'any'. 2014/10/13 10:19:22 ossec-remoted(1408): ERROR: Invalid ID for the source ip: '10.50.107.21'. 2014/10/13 10:19:28 ossec-remoted(1408): ERROR: Invalid ID for the source ip: '10.50.107.21'. 2014/10/13 10:19:54 ossec-remoted(1408): ERROR: Invalid ID for the source ip: '10.50.111.64'.
On Monday, October 13, 2014 7:52:05 AM UTC-5, gr...@castraconsulting.com wrote: > > Assuming agent key and IP are distinct for each server, please put the > ossec-control into debug on the server and look for errors such as "not > allowed" and so forth > > On Monday, October 13, 2014 8:04:41 AM UTC-4, Antonio Querubin wrote: >> >> On Sun, 12 Oct 2014, David Masters wrote: >> >> > Ok...here is the log file from a freshly installed agent (shutdown >> ossec >> > server, removed all rid files, no rid files on agent system, manually >> > entererd key and server address): >> >> > This is the log file from same machine after pushing out key >> > file/ossec.conf file and deleting rid files (no change to any other >> part of >> > the machine or configuration): >> >> > Verified all information in both files was exactly the same as before >> and >> > files in rids directory were deleted before service was restarted. >> >> > Any ideas? >> >> Did you remove the corresponding rids file on the server? >> >> Antonio Querubin >> e-mail: to...@lavanauts.org >> xmpp: antonio...@gmail.com >> > -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.