Greetings Mattias: If it helps:
On the osssec server # cat /var/ossec/logs/ossec.log | grep remote The above command should only show if there are errors or max events # /var/ossec/bin/ossec-control status On our ossec server (not the agent): /var/ossec/bin/ossec-control status ossec-monitord is running... ossec-logcollector is running... ossec-remoted is running... ossec-syscheckd is running... ossec-analysisd is running... ossec-maild is running... ossec-execd is running... # netstat -uanep |grep 1514 The above command should show netstat -uanep |grep 1514 udp 0 0 0.0.0.0:1514 0.0.0.0:* 0 886910371 16033/ ossec-remoted For the iptables command, iptables -L can take a long time to run out if you have several hundred rules, "iptables -vnL | more" can run a lot faster. The main thing to check for the iptables is that the server and agent should have two way traffic (in/out) allowed via iptables. Also, did you try to re-isntsall the ossec server and ossec agents? Thank you.
