Re: [ossec-list] trouble getting agent to connect to host

2016-10-26 Thread Topper Bowers
Thanks! Ok... so I turned off the counters and I get the same problem... agent doesn't see response from manager. This time on the agent, I turned on tcpdump: ``` tcpdump -n src host and dst portrange 4501-65000 ``` Then when I received a reply from the manager, I immediately did an lsof -i

Re: [ossec-list] trouble getting agent to connect to host

2016-10-26 Thread Pedro Sanchez
For sure that ACK "HC_STARTUP" is not reaching the agent and that is why it does not connect. So the manager is sending the startup and it has connectivity with the agent host but not with the agent software. Confirm if the agent is listening at the right port, also you can use "strace" at agentd

Re: [ossec-list] trouble getting agent to connect to host

2016-10-26 Thread Topper Bowers
Thanks for the reply! I will try the counter thing right now. The manager has this in the logs: DEBUG: Agent my-hostname sent HC_STARTUP from xx.xx.xx.xx So... I think that means it is receiving it on the right port. I've tried redoing agent-auth a few times on that host now. I've also

Re: [ossec-list] trouble getting agent to connect to host

2016-10-26 Thread Topper Bowers
The agent (being the ossec software itself) does not... but a tcdump watching UDP sees the packets arriving at the agent. I also tried turning off iptables altogether to the same results. On Wednesday, October 26, 2016 at 1:27:05 PM UTC+2, dan (ddpbsd) wrote: > > On Wed, Oct 26, 2016 at 5:59

Re: [ossec-list] trouble getting agent to connect to host

2016-10-26 Thread dan (ddp)
On Wed, Oct 26, 2016 at 5:59 AM, Topper Bowers wrote: > Hello all, > > I'm using ossec 2.8.3 from wazzuh and I can't seem to get the agents to talk > to the host. It is exactly as described here: > https://botbot.me/freenode/ossec/2016-07-21/?msg=70001778=1. > > I've

Re: [ossec-list] trouble getting agent to connect to host

2016-10-26 Thread Pedro Sanchez
Seems like the agent is waiting for the ACK (HC_ACK) control message but it is not receiving it (start_agent.c ), few things you can try: - Disable counters on both sides,

[ossec-list] trouble getting agent to connect to host

2016-10-26 Thread Topper Bowers
Hello all, I'm using ossec 2.8.3 from wazzuh and I can't seem to get the agents to talk to the host. It is exactly as described here: https://botbot.me/freenode/ossec/2016-07-21/?msg=70001778=1. I've also put both the agent and the master into debug mode. I've also run tcpdump on both the