Have you run a tcdpump or ngrep on the server to ensure packets are arriving on UDP port 1514?
When the agent is initially restarted it begins a new dialog with the server and you should be able to see that on the wire On Thursday, May 14, 2015 at 5:31:28 PM UTC-4, Andy Theuninck wrote: > > I have OSSEC 2.8.1 server installed on CentOS 7. I have OSSEC 2.8.1 agent > installed on a separate CentOS 6 box. The agent cannot connect to the > server and I do not understand why. > > When the agent starts, I see this in the logs: > 2015/05/14 15:35:11 ossec-agentd: INFO: Trying to connect to server ( > 192.168.2.4:1514). > 2015/05/14 15:35:11 ossec-agentd: INFO: Using IPv4 for: 192.168.2.4 . > 2015/05/14 15:35:32 ossec-agentd(4101): WARN: Waiting for server reply > (not started). Tried: '192.168.2.4'. > > The server ossec.log show absolutely nothing while the agent is attempting > to connect. This would lead me to believe it's a firewall (or general > connectivity problem). However, I can connect to the server machine from > the agent machine just fine using netcat. E.g., > nc -uv 192.168.2.4 1514 > > If I type random things into the server after connecting with netcat, I > get the expected log entries on the server: > 2015/05/15 15:39:37 ossec-remoted(1403): ERROR: Incorrectly formated > message from '192.168.2.3'. > > So far as I can tell, the agent machine has connectivity to UDP 1514 on > the server machine, except ossec-agentd does not. > -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
