Hi Peter, OSSEC will use the IP address specified by the kernel to access that specific destination ( the server). So, if you have two ips in different interfaces configured to be in the same network, your internal routing is going to be all messed up.
A simple way to fix that is to configure the agent IP (when running the manage_agents tool) to be a network instead of a unique address. (like 192.168.2.0/24): http://www.ossec.net/wiki/index.php/Know_How:DynamicIPs That should fix the problem (you will need to re-import the new key in the agent too). Hope it helps. -- Daniel B. Cid dcid ( at ) ossec.net On 10/30/07, Peter M. Abraham <[EMAIL PROTECTED]> wrote: > > Greetings Daniel: > > Thank you for your thanks. > > On a CentOS 3 server where I upgraded from 1.3 to 1.4, I'm having a > problem where the agent is trying to communicate via one of the bound > IP's to the server, but not the primary IP address. > > So on the server, I'm getting: > > 2007/10/30 11:48:51 ossec-remoted(1213): Message from xxx.xxx.xxx.xxx > not allowed where the IP is not the primary network card IP (which is > bound to eth0). > > How can I fix this problem? > > Thank you. > >
