Hello, i have problem connecting agents. I installed Ossec on Ubuntu Server
16.04 Virtual machines, Added an agents ( with IP and any) extracted key,
but when i see agents list i got only. "No agent avalibale. Could anyone
know whats the issue Here are my logs from machines.Any help is
apprecitated,thanks in advance
Log file from server :
*2018/08/31 13:07:57 ossec-analysisd: INFO: White listing IP: '2018/08/31
13:07:57 ossec-analysisd: INFO: 7 IPs in the white list for active
response.2018/08/31 13:07:57 ossec-analysisd: INFO: White listing Hostname:
'::1'2018/08/31 13:07:57 ossec-analysisd: INFO: 1 Hostname(s) in the white
list for active response.2018/08/31 13:07:57 ossec-analysisd: INFO: Started
(pid: 5794).2018/08/31 13:07:58 ossec-monitord: INFO: Started (pid:
5813).2018/08/31 13:07:58 ossec-remoted(4111): INFO: Maximum number of
agents allowed: '16384'.2018/08/31 13:07:58 ossec-remoted(1410): INFO:
Reading authentication keys file.2018/08/31 13:07:58 ossec-remoted: INFO:
No previous counter available for 'sv2'.2018/08/31 13:07:58 ossec-remoted:
INFO: Assigning counter for agent sv2: '0:0'.2018/08/31 13:07:58
ossec-remoted: INFO: No previous sender counter.2018/08/31 13:07:58
ossec-remoted: INFO: Assigning sender counter: 0:02018/08/31 13:08:00
ossec-analysisd: INFO: Connected to '/queue/alerts/ar' (active-response
queue)2018/08/31 13:08:00 ossec-analysisd: INFO: Connected to
'/queue/alerts/execq' (exec queue)2018/08/31 13:08:02 ossec-syscheckd:
INFO: Started (pid: 5810).2018/08/31 13:08:02 ossec-rootcheck: INFO:
Started (pid: 5810).2018/08/31 13:08:03 ossec-logcollector: INFO: Started
(pid: 5799).2018/08/31 13:08:22 INFO: Connected to 127.0.1.1 at address
127.0.1.1, port 252018/08/31 13:09:04 ossec-syscheckd: INFO: Starting
syscheck scan (forwarding database).2018/08/31 13:09:04 ossec-syscheckd:
INFO: Starting syscheck database (pre-scan).2018/08/31 13:09:04
ossec-syscheckd: INFO: Initializing real time file monitoring (not
started).2018/08/31 13:10:13 ossec-logcollector(1904): INFO: File not
available, ignoring it: '/var/log/messages'.2018/08/31 13:10:13
ossec-logcollector(1904): INFO: File not available, ignoring it:
'/var/log/secure'.2018/08/31 13:10:13 ossec-logcollector(1904): INFO: File
not available, ignoring it: '/var/log/xferlog'.2018/08/31 13:10:13
ossec-logcollector(1904): INFO: File not available, ignoring it:
'/var/log/maillog'.2018/08/31 13:10:13 ossec-logcollector(1904): INFO: File
not available, ignoring it: '/var/www/logs/access_log'.2018/08/31 13:10:13
ossec-logcollector(1904): INFO: File not available, ignoring it:
'/var/www/logs/error_log'.2018/08/31 13:10:13 ossec-logcollector(1904):
INFO: File not available, ignoring it: '/var/log/exim_mainlog'.2018/08/31
13:13:21 ossec-syscheckd(1124): ERROR: Could not rename file
'/usr/bin/vmware-user' to
'/var/ossec/queue/diff/local/usr/bin/vmware-user/last-entry' due to
[(2)-(No such file or directory)].*
Log from agent :
*2018/08/31 12:34:46 ossec-execd: INFO: Started (pid: 10201).2018/08/31
12:34:46 ossec-agentd: INFO: Using notify time: 600 and max time to
$2018/08/31 12:34:46 ossec-agentd(1410): INFO: Reading authentication keys
file.2018/08/31 12:34:46 ossec-agentd: INFO: Started (pid:
10205).2018/08/31 12:34:46 ossec-agentd: INFO: Server 1:
157.97.106.1072018/08/31 12:34:46 ossec-agentd: INFO: Trying to connect to
server 157.97.106.$2018/08/31 12:34:46 INFO: Connected to 157.97.106.107 at
address 157.97.106.107$2018/08/31 12:34:46 rootcheck: System audit file not
configured.2018/08/31 13:08:26 ossec-agentd(4101): WARN: Waiting for server
reply (not started). Tried: '157.97.106.107'.2018/08/31 13:08:28
ossec-agentd: INFO: Trying to connect to server 157.97.106.107, port
1514.2018/08/31 13:08:28 INFO: Connected to 157.97.106.107 at address
157.97.106.107, port 15142018/08/31 13:08:49 ossec-agentd(4101): WARN:
Waiting for server reply (not started). Tried: '157.97.106.107'.2018/08/31
13:09:09 ossec-agentd: INFO: Trying to connect to server 157.97.106.107,
port 1514.2018/08/31 13:09:09 INFO: Connected to 157.97.106.107 at address
157.97.106.107, port 15142018/08/31 13:09:11 ossec-syscheckd: INFO:
Starting syscheck scan (forwarding database).2018/08/31 13:09:11
ossec-syscheckd: WARN: Process locked. Waiting for permission...2018/08/31
13:09:30 ossec-agentd(4101): WARN: Waiting for server reply (not started).
Tried: '157.97.106.107'.2018/08/31 13:10:08 ossec-agentd: INFO: Trying to
connect to server 157.97.106.107, port 1514.2018/08/31 13:10:08 INFO:
Connected to 157.97.106.107 at address 157.97.106.107, port 15142018/08/31
13:10:21 ossec-logcollector: WARN: Process locked. Waiting for
permission...2018/08/31 13:10:29 ossec-agentd(4101): WARN: Waiting for
server reply (not started). Tried: '157.97.106.107'.*
--
---
You received this message because you are subscribed to the Google Groups
"ossec-list" group.
To unsubscri