-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hello
Have 2 systemes on running centos and en running ubuntu.
Im receving the same error from both systems.
Tha agent cant connect to the server
agents logfiles
09/29 13:13:22 ossec-agentd: INFO: Trying to connect to server
(192.168.0.1:1514).
2008/09/29 13:13:32 ossec-agentd(1218): ERROR: Unable to send message
to server.
2008/09/29 13:13:43 ossec-agentd(1218): ERROR: Unable to send message
to server.
2008/09/29 13:13:43 ossec-agentd(4101): WARN: Waiting for server reply
(not started). Tried:
Server logfiles
09/29 11:46:39 ossec-logcollector(1950): INFO: Analyzing file:
'/var/log/maillog'.
2008/09/29 11:46:39 ossec-logcollector(1950): INFO: Analyzing file:
'/var/log/httpd/error_log'.
2008/09/29 11:46:39 ossec-logcollector(1950): INFO: Analyzing file:
'/var/log/httpd/access_log'.
2008/09/29 11:46:39 ossec-logcollector(1950): INFO: Analyzing file:
'/etc/httpd/logs/access_log'.
2008/09/29 11:46:39 ossec-logcollector(1950): INFO: Analyzing file:
'/etc/httpd/logs/error_log'.
2008/09/29 11:46:39 ossec-logcollector: INFO: Started (pid: 15424).
2008/09/29 11:51:45 ossec-syscheckd: INFO: Starting syscheck scan (db).
2008/09/29 11:58:26 ossec-syscheckd: INFO: Ending syscheck scan (db).
2008/09/29 11:58:46 ossec-rootcheck: INFO: Starting rootcheck scan.
2008/09/29 12:06:00 ossec-rootcheck: INFO: Ending rootcheck scan.
If a run an tcpdump in server a get
11:52:09.223972 IP (tos 0x0, ttl 64, id 44473, offset 0, flags [DF],
proto: UDP (17), length: 101) fo-dev-svn.fareonline.net.36968 >
192.168.3.8.fujitsu-dtcns: UDP, length 73
0x0000: 4500 0065 adb9 4000 4011 0573 c0a8 0303 [EMAIL PROTECTED]@..s....
0x0010: c0a8 0308 9068 05ea 0051 db94 3acf 3621 .....h...Q..:.6!
0x0020: df58 4b3d 6ed3 6fd2 0e8f acbc 69e3 0a9c .XK=n.o.....i...
0x0030: f63f 8b8f e566 118d 7f81 3194 0967 ead5 .?...f....1..g..
0x0040: 6c31 db16 11c7 549b ec8b 0bb5 6bc1 32f4 l1....T.....k.2.
0x0050: 5fe8 624d 4480 6565 4e48 2e0b f4d6 6039 _.bMD.eeNH....`9
0x0060: 16b7 a123 04 ...#.
11:52:14.932327 IP (tos 0x0, ttl 64, id 44474, offset 0, flags [DF],
proto: UDP (17), length: 101) fo-dev-svn.fareonline.net.36968 >
192.168.3.8.fujitsu-dtcns: UDP, length 73
0x0000: 4500 0065 adba 4000 4011 0572 c0a8 0303 [EMAIL PROTECTED]@..r....
0x0010: c0a8 0308 9068 05ea 0051 706a 3a1c bff0 .....h...Qpj:...
0x0020: 2b03 602f 08a7 21cc aa84 b5ed b4e9 f70c +.`/..!.........
0x0030: 32ff 01d4 a8e8 82f9 49bb 4430 1af1 1a8d 2.......I.D0....
0x0040: 7233 19ef 9310 edf6 456d eb5d 4cc8 3cc0 r3......Em.]L.<.
0x0050: 8206 941e c1f4 ee68 0126 34ab 95f7 997d .......h.&4....}
0x0060: cb23 658d 6d .#e.m
11:52:24.285779 IP (tos 0x0, ttl 64, id 44475, offset 0, flags [DF],
proto: UDP (17), length: 101) fo-dev-svn.fareonline.net.36968 >
192.168.3.8.fujitsu-dtcns: UDP, length 73
0x0000: 4500 0065 adbb 4000 4011 0571 c0a8 0303 [EMAIL PROTECTED]@..q....
0x0010: c0a8 0308 9068 05ea 0051 aa1e 3a13 e558 .....h...Q..:..X
0x0020: 94a8 2e6c ec40 e421 6c9c 873a 286a a746 [EMAIL PROTECTED]:(j.F
0x0030: 9be7 42f4 b1eb 36f2 8755 084b b57b 51af ..B...6..U.K.{Q.
0x0040: 67b1 e65f 7a55 ceac 6ca9 d5b0 dc10 0e09 g.._zU..l.......
0x0050: 09ac 208f 3602 4502 5d80 4dfe de0b 9996 ....6.E.].M.....
0x0060: 8f43 9461 b3 .C.a.
Whitch indikates that the agents messages gets to the server but the
ossec server would not recive the data.
Have tried to re install alla agents and server. And there is no
firewall aor any other restriction between the servers.
Any ides ??
// matte
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFI4LpZNJQJ1TN4TrgRAtMmAKCa80/Q1iDza2zt94yFHYtzHTlXGgCfbLAc
yynOycR4PAu02RItU5D+JIE=
=UYAE
-----END PGP SIGNATURE-----
