Hi, I have installed OSSEC SERVER on CentOS 6.9. Everything is working as expected.

One error I am noticing in my logs from the client server. The client server is running on CentOS 6.9.

Details from OSSEC-Server/Manager

[root@al ~]# /var/ossec/bin/ossec-authd -v /var/ossec/etc/sslmanager.cert -d
2017/06/16 06:06:33 ossec-authd: DEBUG: Starting ...
2017/06/16 06:06:33 ossec-authd: INFO: Started (pid: 6097).
2017/06/16 06:06:33 ossec-authd: DEBUG: Peer verification requested.
2017/06/16 06:06:33 ossec-authd: DEBUG: Returning CTX for server.
2017/06/16 06:06:33 ossec-authd: Unable to bind to port 1515

[root@al ~]# tcpdump -i eth0 port 1515 -vv
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
06:16:59.804739 IP (tos 0x10, ttl 64, id 31414, offset 0, flags [DF], proto TCP (6), length 60)
    10.24.211.130.56622 > x.x.x.37.ifor-protocol: Flags [S], cksum 0xfcd2 (correct), seq 3432935783, win 17922, options [mss 8961,sackOK,TS val 1444817 ecr 0,nop,wscale 6], length 0
06:16:59.804780 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 60)
    10.24.211.37.ifor-protocol > 10.24.211.130.56622: Flags [S.], cksum 0x27c1 (correct), seq 1407314966, ack 3432935784, win 17898, options [mss 8961,sackOK,TS val 1348875 ecr 1444817,nop,wscale 7], length 0
06:16:59.805215 IP (tos 0x10, ttl 64, id 31415, offset 0, flags [DF], proto TCP (6), length 52)
    10.24.211.130.56622 > x.x.x.37.ifor-protocol: Flags [.], cksum 0xb8aa (correct), seq 1, ack 1, win 281, options [nop,nop,TS val 1444818 ecr 1348875], length 0
06:17:02.704313 IP (tos 0x10, ttl 64, id 31416, offset 0, flags [DF], proto TCP (6), length 57)
    10.24.211.130.56622 > x.x.x.37.ifor-protocol: Flags [P.], cksum 0xa757 (correct), seq 1:6, ack 1, win 281, options [nop,nop,TS val 1447717 ecr 1348875], length 5
06:17:02.704397 IP (tos 0x0, ttl 64, id 31004, offset 0, flags [DF], proto TCP (6), length 52)
    10.24.211.37.ifor-protocol > x.x.x.130.56622: Flags [.], cksum 0xa28c (correct), seq 1, ack 6, win 140, options [nop,nop,TS val 1351774 ecr 1447717], length 0
2017/06/16 06:17:02 ossec-authd: ERROR: SSL Error (-1)
140489331664744:error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number:s3_pkt.c:350:
06:17:02.713275 IP (tos 0x0, ttl 64, id 31005, offset 0, flags [DF], proto TCP (6), length 52)

[root@al ~]# netstat -tunlp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address      Foreign Address    State    PID/Program name
tcp        0      0 0.0.0.0:9654       0.0.0.0:*          LISTEN   5939/python
tcp        0      0 0.0.0.0:22         0.0.0.0:*          LISTEN   1089/sshd
tcp        0      0 127.0.0.1:25       0.0.0.0:*          LISTEN   1187/master
tcp        0      0 :::1515            :::*               LISTEN   6360/ossec-authd
tcp        0      0 :::22              :::*               LISTEN   1089/sshd
tcp        0      0 ::1:25             :::*               LISTEN   1187/master
udp        0      0 0.0.0.0:68         0.0.0.0:*                   829/dhclient
udp        0      0 :::1514            :::*                        6485/ossec-remoted

[root@al ~]# lsof -P -c ossec-remoted
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
ossec-rem 6485 ossecr cwd DIR 202,1 4096 401636 /var/ossec
ossec-rem 6485 ossecr rtd DIR 202,1 4096 401636 /var/ossec
ossec-rem 6485 ossecr txt REG 202,1 231568 6005 /var/ossec/bin/ossec-remoted
ossec-rem 6485 ossecr mem REG 202,1 66432 264229 /lib64/libnss_files-2.12.so
ossec-rem 6485 ossecr mem REG 202,1 122056 264206 /lib64/libselinux.so.1
ossec-rem 6485 ossecr mem REG 202,1 111440 264239 /lib64/libresolv-2.12.so
ossec-rem 6485 ossecr mem REG 202,1 10192 267113 /lib64/libkeyutils.so.1.3
ossec-rem 6485 ossecr mem REG 202,1 43728 267126 /lib64/libkrb5support.so.0.1
ossec-rem 6485 ossecr mem REG 202,1 174840 267122 /lib64/libk5crypto.so.3.1
ossec-rem 6485 ossecr mem REG 202,1 14664 264654 /lib64/libcom_err.so.2.1
ossec-rem 6485 ossecr mem REG 202,1 946048 267124 /lib64/libkrb5.so.3.3
ossec-rem 6485 ossecr mem REG 202,1 277704 267118 /lib64/libgssapi_krb5.so.2.2
ossec-rem 6485 ossecr mem REG 202,1 1924768 264213 /lib64/libc-2.12.so
ossec-rem 6485 ossecr mem REG 202,1 1971488 267162 /usr/lib64/libcrypto.so.1.0.1e
ossec-rem 6485 ossecr mem REG 202,1 443416 267164 /usr/lib64/libssl.so.1.0.1e
ossec-rem 6485 ossecr mem REG 202,1 44472 264241 /lib64/librt-2.12.so
ossec-rem 6485 ossecr mem REG 202,1 88600 264623 /lib64/libz.so.1.2.3
ossec-rem 6485 ossecr mem REG 202,1 20024 264219 /lib64/libdl-2.12.so
ossec-rem 6485 ossecr mem REG 202,1 218880 280017 /usr/lib64/libGeoIP.so.1.6.9
ossec-rem 6485 ossecr mem REG 202,1 143280 264237 /lib64/libpthread-2.12.so
ossec-rem 6485 ossecr mem REG 202,1 596864 264221 /lib64/libm-2.12.so
ossec-rem 6485 ossecr mem REG 202,1 159232 264193 /lib64/ld-2.12.so
ossec-rem 6485 ossecr 0u CHR 1,3 0t0 3923 /dev/null
ossec-rem 6485 ossecr 1u CHR 1,3 0t0 3923 /dev/null
ossec-rem 6485 ossecr 2u CHR 1,3 0t0 3923 /dev/null
ossec-rem 6485 ossecr 3u IPv6 576376 0t0 UDP *:1514
ossec-rem 6485 ossecr 4u unix 0xffff88007bfe0780 0t0 576379 /queue/alerts/ar
ossec-rem 6485 ossecr 5u unix 0xffff88007bfe0b00 0t0 576399 socket
ossec-rem 6485 ossecr 6u REG 202,1 7 6196 /var/ossec/queue/rids/1024
ossec-rem 6485 ossecr 7u REG 202,1 6 6217 /var/ossec/queue/rids/sender_counter

[root@al ~]# lsof -P -a -i -c ossec-remoted
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
ossec-rem 6485 ossecr 3u IPv6 576376 0t0 UDP *:1514

[root@al ~]# ps aux | grep oss
root 5939 0.0 0.5 254816 9672 pts/0 Sl 06:05 0:00 /usr/bin/python /opt/auto-ossec/auto_server.py
root 16049 0.0 0.1 44188 2840 pts/0 S 06:33 0:00 /var/ossec/bin/ossec-authd -p 1515
ossecm 16157 0.0 0.0 46200 916 ? S 06:33 0:00 /var/ossec/bin/ossec-maild
root 16160 0.0 0.0 46692 888 ? S 06:33 0:00 /var/ossec/bin/ossec-execd
ossec 16165 0.0 0.1 45872 2836 ? S 06:33 0:00 /var/ossec/bin/ossec-analysisd
root 16169 0.0 0.0 42040 904 ? S 06:33 0:00 /var/ossec/bin/ossec-logcollector
root 16175 0.5 0.0 42640 1716 ? S 06:33 0:03 /var/ossec/bin/ossec-syscheckd
ossec 16178 0.0 0.0 44224 880 ? S 06:33 0:00 /var/ossec/bin/ossec-monitord
root 16396 0.0 0.0 103328 876 pts/0 S+ 06:44 0:00 grep oss

Here is the information from Agent-Server

2017/06/16 06:35:11 ossec-agentd(1218): ERROR: Unable to send message to 'server'.
2017/06/16 06:35:12 ossec-agentd(4101): WARN: Waiting for server reply (not started). Tried: 'ossec-server.al'.
2017/06/16 06:35:14 ossec-agentd: INFO: Trying to connect to server ossec-server.al, port 1514.
2017/06/16 06:35:14 INFO: Connected to ossec-server.al at address x.x.x.37, port 1514
2017/06/16 06:35:24 ossec-agentd(1218): ERROR: Unable to send message to 'server'.
2017/06/16 06:35:36 ossec-agentd(1218): ERROR: Unable to send message to 'server'.

One more interesting thing I am noticing whenever I am hitting telnet from my agent server:

[root@al-a ~]# telnet ossec-server.al 1515
Trying x.x.x.37...
Connected to ossec-server.al.
Escape character is '^]'.

OSSEC SERVER/Manager showing this:

[root@x.x.x-37 ~]# 2017/06/16 06:15:03 ossec-authd: ERROR: SSL Error (-1)
1404891111664744:error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number:s3_pkt.c:350:
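
Added example, not part of the original post and not OSSEC code: a sketch of how a strict TLS record parser reads the first five bytes arriving on a TLS listener such as the authd port 1515, showing how plaintext typed into a telnet session ends up reported as a version error. The function name and the sample byte strings are constructed for illustration.

```python
import struct

# TLS record content types (RFC 5246, section 6.2.1)
CONTENT_TYPES = {
    20: "change_cipher_spec",
    21: "alert",
    22: "handshake",
    23: "application_data",
}
MAX_RECORD_LEN = 2**14 + 2048  # upper bound for an encrypted record fragment

# Constructed samples: a ClientHello record header and a line typed into telnet.
SAMPLE_TLS_HEADER = b"\x16\x03\x01\x00\xc8"
SAMPLE_TELNET_INPUT = b"test\r\n"


def classify_first_record(data: bytes) -> str:
    """Interpret the first bytes of a new connection as a TLS record header."""
    if len(data) < 5:
        return "incomplete: need 5 bytes for a record header"
    # Header layout: content type (1), version major/minor (2), length (2).
    ctype, major, minor, length = struct.unpack("!BBBH", data[:5])
    if major != 3:
        # Bytes 1-2 are taken as the protocol version; plaintext lands here.
        return f"wrong version number: got {major}.{minor}, expected 3.x"
    if ctype not in CONTENT_TYPES:
        return f"unknown content type {ctype}"
    if length > MAX_RECORD_LEN:
        return f"record too long: {length}"
    if ctype != 22:
        return f"unexpected {CONTENT_TYPES[ctype]} record before handshake"
    return f"tls handshake record, version 3.{minor}, {length} bytes"


if __name__ == "__main__":
    for sample in (SAMPLE_TLS_HEADER, SAMPLE_TELNET_INPUT):
        print(repr(sample), "->", classify_first_record(sample))
```

For the telnet sample the letters "e" and "s" are read as version 101.115, so the connection is rejected before any handshake message is examined.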