Hello, i have problem connecting agents. I installed Ossec on Ubuntu Server 16.04 Virtual machines, Added an agents ( with IP and any) extracted key, but when i see agents list i got only. "No agent avalibale. Could anyone know whats the issue Here are my logs from machines.Any help is apprecitated,thanks in advance Log file from server :
*2018/08/31 13:07:57 ossec-analysisd: INFO: White listing IP: '2018/08/31 13:07:57 ossec-analysisd: INFO: 7 IPs in the white list for active response.2018/08/31 13:07:57 ossec-analysisd: INFO: White listing Hostname: '::1'2018/08/31 13:07:57 ossec-analysisd: INFO: 1 Hostname(s) in the white list for active response.2018/08/31 13:07:57 ossec-analysisd: INFO: Started (pid: 5794).2018/08/31 13:07:58 ossec-monitord: INFO: Started (pid: 5813).2018/08/31 13:07:58 ossec-remoted(4111): INFO: Maximum number of agents allowed: '16384'.2018/08/31 13:07:58 ossec-remoted(1410): INFO: Reading authentication keys file.2018/08/31 13:07:58 ossec-remoted: INFO: No previous counter available for 'sv2'.2018/08/31 13:07:58 ossec-remoted: INFO: Assigning counter for agent sv2: '0:0'.2018/08/31 13:07:58 ossec-remoted: INFO: No previous sender counter.2018/08/31 13:07:58 ossec-remoted: INFO: Assigning sender counter: 0:02018/08/31 13:08:00 ossec-analysisd: INFO: Connected to '/queue/alerts/ar' (active-response queue)2018/08/31 13:08:00 ossec-analysisd: INFO: Connected to '/queue/alerts/execq' (exec queue)2018/08/31 13:08:02 ossec-syscheckd: INFO: Started (pid: 5810).2018/08/31 13:08:02 ossec-rootcheck: INFO: Started (pid: 5810).2018/08/31 13:08:03 ossec-logcollector: INFO: Started (pid: 5799).2018/08/31 13:08:22 INFO: Connected to 127.0.1.1 at address 127.0.1.1, port 252018/08/31 13:09:04 ossec-syscheckd: INFO: Starting syscheck scan (forwarding database).2018/08/31 13:09:04 ossec-syscheckd: INFO: Starting syscheck database (pre-scan).2018/08/31 13:09:04 ossec-syscheckd: INFO: Initializing real time file monitoring (not started).2018/08/31 13:10:13 ossec-logcollector(1904): INFO: File not available, ignoring it: '/var/log/messages'.2018/08/31 13:10:13 ossec-logcollector(1904): INFO: File not available, ignoring it: '/var/log/secure'.2018/08/31 13:10:13 ossec-logcollector(1904): INFO: File not available, ignoring it: '/var/log/xferlog'.2018/08/31 13:10:13 ossec-logcollector(1904): INFO: File not available, ignoring it: '/var/log/maillog'.2018/08/31 13:10:13 ossec-logcollector(1904): INFO: File not available, ignoring it: '/var/www/logs/access_log'.2018/08/31 13:10:13 ossec-logcollector(1904): INFO: File not available, ignoring it: '/var/www/logs/error_log'.2018/08/31 13:10:13 ossec-logcollector(1904): INFO: File not available, ignoring it: '/var/log/exim_mainlog'.2018/08/31 13:13:21 ossec-syscheckd(1124): ERROR: Could not rename file '/usr/bin/vmware-user' to '/var/ossec/queue/diff/local/usr/bin/vmware-user/last-entry' due to [(2)-(No such file or directory)].* Log from agent : *2018/08/31 12:34:46 ossec-execd: INFO: Started (pid: 10201).2018/08/31 12:34:46 ossec-agentd: INFO: Using notify time: 600 and max time to $2018/08/31 12:34:46 ossec-agentd(1410): INFO: Reading authentication keys file.2018/08/31 12:34:46 ossec-agentd: INFO: Started (pid: 10205).2018/08/31 12:34:46 ossec-agentd: INFO: Server 1: 157.97.106.1072018/08/31 12:34:46 ossec-agentd: INFO: Trying to connect to server 157.97.106.$2018/08/31 12:34:46 INFO: Connected to 157.97.106.107 at address 157.97.106.107$2018/08/31 12:34:46 rootcheck: System audit file not configured.2018/08/31 13:08:26 ossec-agentd(4101): WARN: Waiting for server reply (not started). Tried: '157.97.106.107'.2018/08/31 13:08:28 ossec-agentd: INFO: Trying to connect to server 157.97.106.107, port 1514.2018/08/31 13:08:28 INFO: Connected to 157.97.106.107 at address 157.97.106.107, port 15142018/08/31 13:08:49 ossec-agentd(4101): WARN: Waiting for server reply (not started). Tried: '157.97.106.107'.2018/08/31 13:09:09 ossec-agentd: INFO: Trying to connect to server 157.97.106.107, port 1514.2018/08/31 13:09:09 INFO: Connected to 157.97.106.107 at address 157.97.106.107, port 15142018/08/31 13:09:11 ossec-syscheckd: INFO: Starting syscheck scan (forwarding database).2018/08/31 13:09:11 ossec-syscheckd: WARN: Process locked. Waiting for permission...2018/08/31 13:09:30 ossec-agentd(4101): WARN: Waiting for server reply (not started). Tried: '157.97.106.107'.2018/08/31 13:10:08 ossec-agentd: INFO: Trying to connect to server 157.97.106.107, port 1514.2018/08/31 13:10:08 INFO: Connected to 157.97.106.107 at address 157.97.106.107, port 15142018/08/31 13:10:21 ossec-logcollector: WARN: Process locked. Waiting for permission...2018/08/31 13:10:29 ossec-agentd(4101): WARN: Waiting for server reply (not started). Tried: '157.97.106.107'.* -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.