Re: [ossec-list] OSSEC agents on different subnet unable to connect OSSEC server

2016-06-20 Thread Jesus Linares
Before doing what I said above, check if your client.keys doesn't have duplicated IPs. On Monday, June 20, 2016 at 9:35:12 AM UTC+2, Jesus Linares wrote: > > Hi Tahir, > > It could be an issue with the keys. OSSEC (agents and manager) keep a > counter of each message sent and received in

Re: [ossec-list] OSSEC agents on different subnet unable to connect OSSEC server

2016-06-20 Thread Jesus Linares
Hi Tahir, It could be an issue with the keys. OSSEC (agents and manager) keep a counter of each message sent and received in /var/ossec/queue/rids. This is a technique to prevent replay attacks. Let's try the following: - In an agent of your particular subnet: stop it and go to

Re: [ossec-list] OSSEC agents on different subnet unable to connect OSSEC server

2016-06-17 Thread dan (ddp)
On Fri, Jun 17, 2016 at 5:27 AM, Tahir Hafiz wrote: > Thanks. I am seeing this in the alerts.log for the ones not connecting, I > mean they seem to be able to connect in network terms but not the OSSEC > server instance process: > ossec-remoted(1408): ERROR: Invalid ID for

Re: [ossec-list] OSSEC agents on different subnet unable to connect OSSEC server

2016-06-17 Thread Jose Luis Ruiz
Hi Thair, Your Agents configuration are with static IP, Network or set to ANY? Regards --- Jose Luis Ruiz Wazuh Inc. j...@wazuh.com On June 17, 2016 at 11:27:22 AM, Tahir Hafiz (tahir.ha...@gmail.com) wrote: ERROR: Invalid ID for the source ip -- --- You received this

Re: [ossec-list] OSSEC agents on different subnet unable to connect OSSEC server

2016-06-17 Thread Tahir Hafiz
Thanks. I am seeing this in the alerts.log for the ones not connecting, I mean they seem to be able to connect in network terms but not the OSSEC server instance process: ossec-remoted(1408): ERROR: Invalid ID for the source ip: 'a.b.c.d'. ossec-remoted(1213): WARN: Message from a.b.c.d not

Re: [ossec-list] OSSEC agents on different subnet unable to connect OSSEC server

2016-06-17 Thread Jesus Linares
It should work with port 1514 UDP. First, check if you have connectivity between agents and manager (ping, telnet, tcpdump...) and review your network settings (routers, firewall rules, etc). Then, check out the ossec.log of each agent to see what it is the issue. On Thursday, June 16, 2016 at

Re: [ossec-list] OSSEC agents on different subnet unable to connect OSSEC server

2016-06-16 Thread dan (ddp)
On Thu, Jun 16, 2016 at 12:27 PM, Tahir Hafiz wrote: > We have an OSSEC server located in one particular subnet and the majority of > the agents are located in the same subnet and work fine. > However, we have a few OSSEC agents located in a different subnet and they > are

[ossec-list] OSSEC agents on different subnet unable to connect OSSEC server

2016-06-16 Thread Tahir Hafiz
We have an OSSEC server located in one particular subnet and the majority of the agents are located in the same subnet and work fine. However, we have a few OSSEC agents located in a different subnet and they are having problems being able to connect to the server. We have opened up port 1514