Before doing what I said above, check if your client.keys doesn't have
duplicated IPs.
On Monday, June 20, 2016 at 9:35:12 AM UTC+2, Jesus Linares wrote:
>
> Hi Tahir,
>
> It could be an issue with the keys. OSSEC (agents and manager) keep a
> counter of each message sent and received in
Hi Tahir,
It could be an issue with the keys. OSSEC (agents and manager) keep a
counter of each message sent and received in /var/ossec/queue/rids. This is
a technique to prevent replay attacks. Let's try the following:
- In an agent of your particular subnet: stop it and go to
On Fri, Jun 17, 2016 at 5:27 AM, Tahir Hafiz wrote:
> Thanks. I am seeing this in the alerts.log for the ones not connecting, I
> mean they seem to be able to connect in network terms but not the OSSEC
> server instance process:
> ossec-remoted(1408): ERROR: Invalid ID for
Hi Thair,
Your Agents configuration are with static IP, Network or set to ANY?
Regards
---
Jose Luis Ruiz
Wazuh Inc.
j...@wazuh.com
On June 17, 2016 at 11:27:22 AM, Tahir Hafiz (tahir.ha...@gmail.com) wrote:
ERROR: Invalid ID for the source ip
--
---
You received this
Thanks. I am seeing this in the alerts.log for the ones not connecting, I
mean they seem to be able to connect in network terms but not the OSSEC
server instance process:
ossec-remoted(1408): ERROR: Invalid ID for the source ip: 'a.b.c.d'.
ossec-remoted(1213): WARN: Message from a.b.c.d not
It should work with port 1514 UDP. First, check if you have connectivity
between agents and manager (ping, telnet, tcpdump...) and review your
network settings (routers, firewall rules, etc). Then, check out the
ossec.log of each agent to see what it is the issue.
On Thursday, June 16, 2016 at
On Thu, Jun 16, 2016 at 12:27 PM, Tahir Hafiz wrote:
> We have an OSSEC server located in one particular subnet and the majority of
> the agents are located in the same subnet and work fine.
> However, we have a few OSSEC agents located in a different subnet and they
> are
We have an OSSEC server located in one particular subnet and the majority
of the agents are located in the same subnet and work fine.
However, we have a few OSSEC agents located in a different subnet and they
are having problems being able to connect to the server.
We have opened up port 1514