On Tue, Sep 26, 2017 at 12:41 PM, James Stallard <jamesstall...@gmail.com> wrote:
> Help anyone:
> OK, I'm at a loss
> Running version:
> # ./ossec-analysisd -V
> OSSEC HIDS v2.8 - Trend Micro Inc.
> CentOS release 6.7 (Final)
> On AWS
>
> I've distributed the keys by hand via manage_agents
> and confirmed there is UDP connectivity from agent to server & back:
>
> Connection to aaa.zz.yy.xx 1514 port [udp/fujitsu-dtcns] succeeded!
>
> Yet I am still getting: WARN: Waiting for server reply (not started).
> Tried: 'aaa.zz.yy.xx'
> The IP@ and port # on the agent is correct (in ossec.conf *and* in
> ossec.log)
>
> I do have one agent that connects - it's on the same VPC as the server, so I
> suspect a connectivity issue, but I can connect (at least via nc) so I don't
> get it.
>
> I also don't see anything in the logs that indicates a configuration error-
> including with the debug flag set.
>
> Any suggestions on debugging this one?
>
Enable debugging on the manager (`/var/ossec/bin/ossec-control enable debug && /var/ossec/bin/ossec-control restart`). Watch ossec.log to see if it complains. Make sure there are no firewalls blocking the traffic.