My server is set up on Ubuntu. I have 2 Windows XP PCs and 1 W2K server set up with the Windows client. The first PC I set up works fine. I then set up the W2K Server and the other XP server and get the "Waiting for server reply" response. All of these systems are on our LAN, which doesn't go through a firewall, and the firewall is not active on the XP PCs. Any ideas on what might be causing this? At the very bottom is the server log pertaining to these two clients. Any ideas on what is going on?

XP client log which does not work:

2007/10/10 14:45:01 ossec-agent: Connecting to server (192.168.2.96:1514).
2007/10/10 14:45:01 ossec-agent: Starting syscheckd thread.
2007/10/10 14:45:01 ossec-rootcheck: Started (pid: 720).
2007/10/10 14:45:01 ossec-agent: Monitoring registry entry: 'HKEY_LOCAL_MACHINE\Software\Classes'.
2007/10/10 14:45:01 ossec-agent: Monitoring registry entry: 'HKEY_LOCAL_MACHINE\Software\Microsoft'.
2007/10/10 14:45:01 ossec-agent: Monitoring registry entry: 'HKEY_LOCAL_MACHINE\Software\Policies'.
2007/10/10 14:45:01 ossec-agent: Monitoring registry entry: 'HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control'.
2007/10/10 14:45:01 ossec-agent: Monitoring registry entry: 'HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services'.
2007/10/10 14:45:01 ossec-agent: Monitoring registry entry: 'HKEY_LOCAL_MACHINE\Security'.
2007/10/10 14:45:01 ossec-agent: Monitoring directory: 'C:\WINDOWS'.
2007/10/10 14:45:01 ossec-agent: Started (pid: 720).
2007/10/10 14:45:16 ossec-agent(4101): Waiting for server reply (not started).
2007/10/10 14:45:32 ossec-agent(4101): Waiting for server reply (not started).
2007/10/10 14:46:03 ossec-agent(4101): Waiting for server reply (not started).
2007/10/10 14:46:49 ossec-agent(4101): Waiting for server reply (not started).
2007/10/10 14:47:50 ossec-agent(4101): Waiting for server reply (not started).
2007/10/10 14:49:06 ossec-agent(4101): Waiting for server reply (not started).
2007/10/10 14:50:37 ossec-agent(4101): Waiting for server reply (not started).
2007/10/10 14:52:23 ossec-agent(4101): Waiting for server reply (not started).
2007/10/10 14:54:24 ossec-agent(4101): Waiting for server reply (not started).
2007/10/10 14:56:40 ossec-agent(4101): Waiting for server reply (not started).
2007/10/10 14:59:11 ossec-agent(4101): Waiting for server reply (not started).
2007/10/10 15:01:57 ossec-agent(4101): Waiting for server reply (not started).
2007/10/10 15:04:58 ossec-agent(4101): Waiting for server reply (not started).
2007/10/10 15:08:14 ossec-agent(4101): Waiting for server reply (not started).
2007/10/10 15:11:45 ossec-agent(4101): Waiting for server reply (not started).
2007/10/10 15:12:58 ossec-agent: Server unavailable. Setting lock.

XP client log which does work:

2007/10/05 14:24:24 ossec-agent: Connecting to server (192.168.2.96:1514).
2007/10/05 14:24:24 ossec-agent: Starting syscheckd thread.
2007/10/05 14:24:24 ossec-rootcheck: Started (pid: 792).
2007/10/05 14:24:24 ossec-agent: Monitoring registry entry: 'HKEY_LOCAL_MACHINE\Software\Classes'.
2007/10/05 14:24:24 ossec-agent: Monitoring registry entry: 'HKEY_LOCAL_MACHINE\Software\Microsoft'.
2007/10/05 14:24:24 ossec-agent: Monitoring registry entry: 'HKEY_LOCAL_MACHINE\Software\Policies'.
2007/10/05 14:24:24 ossec-agent: Monitoring registry entry: 'HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control'.
2007/10/05 14:24:24 ossec-agent: Monitoring registry entry: 'HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services'.
2007/10/05 14:24:24 ossec-agent: Monitoring registry entry: 'HKEY_LOCAL_MACHINE\Security'.
2007/10/05 14:24:24 ossec-agent: Monitoring directory: 'C:\WINDOWS'.
2007/10/05 14:24:24 ossec-agent: Started (pid: 792).
2007/10/05 14:24:25 ossec-agent(4102): Connected to the server.
2007/10/05 14:24:26 ossec-agent(1951): Analyzing event log: 'Application'.
2007/10/05 14:24:29 ossec-agent(1123): Unable to delete file: 'shared/ar.conf'.
2007/10/05 14:24:31 ossec-agent(1951): Analyzing event log: 'Security'.
2007/10/05 14:24:33 ossec-agent(1951): Analyzing event log: 'System'.
2007/10/05 14:24:36 ossec-agent(1952): Monitoring variable log file: 'C:\WINDOWS\System32\LogFiles\W3SVC1\ex071005.log'.
2007/10/05 14:24:36 ossec-agent(1103): Unable to open file 'C:\WINDOWS\System32\LogFiles\W3SVC1\ex071005.log'.
2007/10/05 14:24:36 ossec-agent(1950): Analyzing file: 'C:\WINDOWS\System32\LogFiles\W3SVC1\ex071005.log'.
2007/10/05 14:24:36 ossec-agent: Started (pid: 792).

Server log:

Ossec-remoted(1403) : Incorrectly formatted message from IP (This is from my Windows 2000 Client)
Ossec-remoted(1213) : Message from IP not allowed (This is from my XP client).

As a reminder, my XP clients do not run Windows firewall and there is no firewall between client/server. Any help would be appreciated. Thanks.
