[ossec-list] Ossec agent connection problem

Don_Johny Fri, 31 Aug 2018 06:53:22 -0700

Hello, i have problem connecting agents. I installed Ossec on Ubuntu Server 
16.04 Virtual machines, Added an agents ( with IP and any) extracted key, 
but when i see agents list i got only. "No agent avalibale. Could anyone 
know whats the issue Here are my logs from machines.Any help is 
apprecitated,thanks in advance
Log file from server :






























*2018/08/31 13:07:57 ossec-analysisd: INFO: White listing IP: '2018/08/31 
13:07:57 ossec-analysisd: INFO: 7 IPs in the white list for active 
response.2018/08/31 13:07:57 ossec-analysisd: INFO: White listing Hostname: 
'::1'2018/08/31 13:07:57 ossec-analysisd: INFO: 1 Hostname(s) in the white 
list for active response.2018/08/31 13:07:57 ossec-analysisd: INFO: Started 
(pid: 5794).2018/08/31 13:07:58 ossec-monitord: INFO: Started (pid: 
5813).2018/08/31 13:07:58 ossec-remoted(4111): INFO: Maximum number of 
agents allowed: '16384'.2018/08/31 13:07:58 ossec-remoted(1410): INFO: 
Reading authentication keys file.2018/08/31 13:07:58 ossec-remoted: INFO: 
No previous counter available for 'sv2'.2018/08/31 13:07:58 ossec-remoted: 
INFO: Assigning counter for agent sv2: '0:0'.2018/08/31 13:07:58 
ossec-remoted: INFO: No previous sender counter.2018/08/31 13:07:58 
ossec-remoted: INFO: Assigning sender counter: 0:02018/08/31 13:08:00 
ossec-analysisd: INFO: Connected to '/queue/alerts/ar' (active-response 
queue)2018/08/31 13:08:00 ossec-analysisd: INFO: Connected to 
'/queue/alerts/execq' (exec queue)2018/08/31 13:08:02 ossec-syscheckd: 
INFO: Started (pid: 5810).2018/08/31 13:08:02 ossec-rootcheck: INFO: 
Started (pid: 5810).2018/08/31 13:08:03 ossec-logcollector: INFO: Started 
(pid: 5799).2018/08/31 13:08:22 INFO: Connected to 127.0.1.1 at address 
127.0.1.1, port 252018/08/31 13:09:04 ossec-syscheckd: INFO: Starting 
syscheck scan (forwarding database).2018/08/31 13:09:04 ossec-syscheckd: 
INFO: Starting syscheck database (pre-scan).2018/08/31 13:09:04 
ossec-syscheckd: INFO: Initializing real time file monitoring (not 
started).2018/08/31 13:10:13 ossec-logcollector(1904): INFO: File not 
available, ignoring it: '/var/log/messages'.2018/08/31 13:10:13 
ossec-logcollector(1904): INFO: File not available, ignoring it: 
'/var/log/secure'.2018/08/31 13:10:13 ossec-logcollector(1904): INFO: File 
not available, ignoring it: '/var/log/xferlog'.2018/08/31 13:10:13 
ossec-logcollector(1904): INFO: File not available, ignoring it: 
'/var/log/maillog'.2018/08/31 13:10:13 ossec-logcollector(1904): INFO: File 
not available, ignoring it: '/var/www/logs/access_log'.2018/08/31 13:10:13 
ossec-logcollector(1904): INFO: File not available, ignoring it: 
'/var/www/logs/error_log'.2018/08/31 13:10:13 ossec-logcollector(1904): 
INFO: File not available, ignoring it: '/var/log/exim_mainlog'.2018/08/31 
13:13:21 ossec-syscheckd(1124): ERROR: Could not rename file 
'/usr/bin/vmware-user' to 
'/var/ossec/queue/diff/local/usr/bin/vmware-user/last-entry' due to 
[(2)-(No such file or directory)].*

Log from agent : 





















*2018/08/31 12:34:46 ossec-execd: INFO: Started (pid: 10201).2018/08/31 
12:34:46 ossec-agentd: INFO: Using notify time: 600 and max time to 
$2018/08/31 12:34:46 ossec-agentd(1410): INFO: Reading authentication keys 
file.2018/08/31 12:34:46 ossec-agentd: INFO: Started (pid: 
10205).2018/08/31 12:34:46 ossec-agentd: INFO: Server 1: 
157.97.106.1072018/08/31 12:34:46 ossec-agentd: INFO: Trying to connect to 
server 157.97.106.$2018/08/31 12:34:46 INFO: Connected to 157.97.106.107 at 
address 157.97.106.107$2018/08/31 12:34:46 rootcheck: System audit file not 
configured.2018/08/31 13:08:26 ossec-agentd(4101): WARN: Waiting for server 
reply (not started). Tried: '157.97.106.107'.2018/08/31 13:08:28 
ossec-agentd: INFO: Trying to connect to server 157.97.106.107, port 
1514.2018/08/31 13:08:28 INFO: Connected to 157.97.106.107 at address 
157.97.106.107, port 15142018/08/31 13:08:49 ossec-agentd(4101): WARN: 
Waiting for server reply (not started). Tried: '157.97.106.107'.2018/08/31 
13:09:09 ossec-agentd: INFO: Trying to connect to server 157.97.106.107, 
port 1514.2018/08/31 13:09:09 INFO: Connected to 157.97.106.107 at address 
157.97.106.107, port 15142018/08/31 13:09:11 ossec-syscheckd: INFO: 
Starting syscheck scan (forwarding database).2018/08/31 13:09:11 
ossec-syscheckd: WARN: Process locked. Waiting for permission...2018/08/31 
13:09:30 ossec-agentd(4101): WARN: Waiting for server reply (not started). 
Tried: '157.97.106.107'.2018/08/31 13:10:08 ossec-agentd: INFO: Trying to 
connect to server 157.97.106.107, port 1514.2018/08/31 13:10:08 INFO: 
Connected to 157.97.106.107 at address 157.97.106.107, port 15142018/08/31 
13:10:21 ossec-logcollector: WARN: Process locked. Waiting for 
permission...2018/08/31 13:10:29 ossec-agentd(4101): WARN: Waiting for 
server reply (not started). Tried: '157.97.106.107'.*

-- 

--- 
You received this message because you are subscribed to the Google Groups 
"ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ossec-list+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ossec-list] Ossec agent connection problem

Reply via email to