I'm pulling my hair out here trying to get this to work.
These configs were working perfectly fine on 2.7.20, but the agents refuse
to connect on 2.9.30.
The agent's are authenticating with the server without issue, but are
listed as "never connected".
Output of /var/ossec/bin/agent_control -l on the master:
ID: 1024, Name: <hostname redacted>, IP: any, Never connected
This is what I see on the agents:
2018/04/24 20:05:53 ossec-agentd(4101): WARN: Waiting for server reply (not
started). Tried: '<master>'.
2018/04/24 20:06:13 ossec-agentd: INFO: Trying to connect to server
<master>, port 1514.
2018/04/24 20:06:13 INFO: Connected to <master> at address <IP>, port 1514
2018/04/24 20:06:23 ossec-agentd(1218): ERROR: Unable to send message to
'server'.
2018/04/24 20:06:35 ossec-agentd(1218): ERROR: Unable to send message to
'server'.
2018/04/24 20:06:36 ossec-agentd(4101): WARN: Waiting for server reply (not
started). Tried: '<master>'.
I only see my master listening on UDP port 1513. The old master, which
uses the EXACT same config file, listens on both 1513 and 1514.
Here is a snippet from the ossec.conf from the master:
<remote>
<connection>syslog</connection>
<port>1513</port>
<protocol>udp</protocol>
<allowed-ips>x.x.x.x</allowed-ips>
<allowed-ips>x.x.x.x/16</allowed-ips>
<allowed-ips>x.x.x.x/16</allowed-ips>
<allowed-ips>x.x.x.x/16</allowed-ips>
</remote>
--
---
You received this message because you are subscribed to the Google Groups
"ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/d/optout.
