Hi Ali, Could you confirm that ossec-authd is running and listening on the sensor? You could use
> > netstat -pna | grep 1515 The expected output will be similar to: tcp 0 0 0.0.0.0:1515 0.0.0.0:* LISTEN > 9684/ossec-authd It seems like you have some connectivity problems, be sure that the agent can actually access to 1515 port, you could use tcpdump at OSSEC Manager to listen for incoming packets to 1515 port: root@ubuntu5:/var/ossec/etc# *tcpdump -i eth0 port 1515 -vv* > > > > > > > > > > *tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size > 65535 bytes01:20:11.033864 IP (tos 0x0, ttl 128, id 22397, offset 0, flags > [DF], proto TCP (6), length 52) 192.168.1.30.57495 > 192.168.1.10.1515: > Flags [S], cksum 0x4748 (correct), seq 2326532896, win 8192, options [mss > 1460,nop,wscale 8,nop,nop,sackOK], length 001:20:11.033931 IP (tos 0x0, ttl > 64, id 0, offset 0, flags [DF], proto TCP (6), length 52) > 192.168.1.10.1515 > 192.168.1.30.57495: Flags [S.], cksum 0x839f (incorrect > -> 0x141f), seq 3245350808, ack 2326532897, win 29200, options [mss > 1460,nop,nop,sackOK,nop,wscale 7], length 001:20:11.034075 IP (tos 0x0, ttl > 128, id 22398, offset 0, flags [DF], proto TCP (6), length 40) > 192.168.1.30.57495 > 192.168.1.10.1515: Flags [.], cksum 0xbefc (correct), > seq 1, ack 1, win 2053, length 001:20:11.035593 IP (tos 0x0, ttl 128, id > 22399, offset 0, flags [DF], proto TCP (6), length 203) > 192.168.1.30.57495 > 192.168.1.10.1515: Flags [P.], cksum 0xeedb (correct), > seq 1:164, ack 1, win 2053, length 16301:20:11.035668 IP (tos 0x0, ttl 64, > id 37466, offset 0, flags [DF], proto TCP (6), length 40)* Best regards, Pedro S. On Mon, Oct 3, 2016 at 10:03 AM, Ali Khan <moizimtiaz...@gmail.com> wrote: > Hi All, > > > I am trying to use ossec agent-auth to auto agent key registration with > ossec server. > > I did the followoing on server > > > 1. *openssl genrsa -out /var/ossec/etc/sslmanager.key 2048* > 2. *openssl req -new -x509 -key /var/ossec/etc/sslmanager.key -out > /var/ossec/etc/sslmanager.cert -days 365* > 3. */var/ossec/bin/ossec-authd -p 1515 -i >/dev/null 2>&1 &* > 4. add the following rule to /etc/ossim/firewall_include : > 5. *-A INPUT –p tcp –-dport 1515 –j ACCEPT* > 6. *Run ossim-reconfig and then again started **/var/ossec/bin/ossec-authd > -p 1515 -i >/dev/null 2>&1 & and the process starts.* > > > > * However when i run ./agent-auth -m 192.168.10.246 -p 1515 **on agent > i get the following error :* > > > > *2016/10/03 12:34:58 ossec-authd: INFO: Started (pid: 9656).2016/10/03 > 12:34:58 ossec-authd: Unable to connect to 192.168.10.246:1515 > <http://192.168.10.246:1515>* > Any kind of help would be appreciated. > > Looking forward to your reply . > > -- > > --- > You received this message because you are subscribed to the Google Groups > "ossec-list" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to ossec-list+unsubscr...@googlegroups.com. > For more options, visit https://groups.google.com/d/optout. > -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
