Hello, I got the same problem in agent AIX7.1 with wazuh-3.6.1 as following; ..........ossec.log ................. 2019/01/12 11:03:03 ossec-agentd: INFO: Trying to connect to server (192.168.0.98:1514/udp). 2019/01/12 11:03:24 ossec-agentd: WARNING: (4101): Waiting for server reply (not started). Tried: '192.168.0.98'
------ checking port------------ bash-3.2# netstat -Aan|grep 1514 f1000e0000086e00 udp4 0 0 192.168.0.35.32956 192.168.0.72.1514 bash-3.2# netstat -Aan|grep ossec-agentd bash-3.2# -----checking port config------------ #vi /etc/services .......... fujitsu-dtcns 1514/tcp # Fujitsu Systems Business of America, Inc fujitsu-dtcns 1514/udp # Fujitsu Systems Business of America, Inc ............ Many thanks, n.j 2012년 9월 4일 화요일 오전 10시 44분 46초 UTC+9, Thomas Bartos 님의 말: > > > Check your Firewall and make sure UDP protocol is open on port 1514 > -tom > > > > On Sep 3, 2012, at 6:07 PM, Joe Gedeon <joe.g...@gmail.com <javascript:>> > wrote: > > Looks like you have the wrong OSSEC key on the OSSEC Client. > > On Fri, Aug 31, 2012 at 5:21 PM, dkoleary <dkol...@olearycomputers.com > <javascript:>> wrote: > > Hey; > > I'm suspecting a firewall issue, but there's an odd twist. We installed > the > ossec agent on an aix 5.3 box; but, it's not able to connect to the ossec > server. On the client, we're getting the typical: > > 2012/08/31 16:01:21 ossec-agentd(4101): WARN: Waiting for server reply (not > started). Tried: '111.22.33.444'. > 2012/08/31 16:01:23 ossec-agentd: INFO: Trying to connect to server > (111.22.33.444:1514). > 2012/08/31 16:01:23 ossec-agentd: INFO: Using IPv4 for: 111.22.33.444 . > > We verified that the client.keys file has the right information in it, > restarted the service looking for any errors and nothing. Screen output > was > clean; ossec.log file is clean. > > The twist, though, is that the ossec server is clocking errors: > > ossec-remoted(1403): ERROR: Incorrectly formated message from > '111.77.88.99' > > I asked the client to verify the firewall port 1514 is open stateful to the > server; however, I'm not sure that's it. If the firewall were blocking the > traffic, I wouldn't expect to see anything on the server... should I be > looking somewhere else? > > Any hints/tips/suggestions greatly appreciated. > > Doug O'Leary > > > > > -- > Registered Linux User # 379282 > > > -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.