I have about 20 OSSEC agents connected to my OSSEC server without issue. 
There are approximately 6 however that cannot connect. I'm using a 
non-default port of 1520. Note: All IPs replaced here for OPSEC.

Logs:

   - Agent:
      - 2016/01/04 11:12:23 ossec-agentd: INFO: Using IPv4 for: SERVER_IP .
      2016/01/04 11:12:44 ossec-agentd(4101): WARN: Waiting for server reply (not started). Tried: 'SERVER_IP'.
   - Server:
      - Nothing outside the standard output, even with debug enabled
      

What I've done so far:

   - Added rules into iptables to allow communication on both agent/server
   - TCPdump confirming on agent that it is sending packet
   - TCPdump confirming on server that it is receiving agent packet
   - Netcat on both server/agent:
      - netcat -uv SERVER_IP 1520
      Connection to SERVER_IP 1520 port [udp/*] succeeded!
      - netcat -uv AGENT_IP 1520
      Connection to AGENT_IP 1520 port [udp/*] succeeded!
   
ossec.conf:

   - <ossec_config>
     <client>
       <server-ip>SERVER_IP</server-ip>
       <port>1520</port>
     </client>
     <remote>
       <connection>secure</connection>
       <protocol>tcp</protocol>
       <port>1520</port>
     </remote>
     </ossec_config>
