Hi all, I've just installed OSSEC 2 on an Ubuntu 6.06 server 32bit system. It's part of a simple cluster where there's a floating IP, eth0:0. I setup 2 agents, and during the initial setup gave them the floating IP. Here's what both saw in the logs:
2009/03/16 14:42:11 ossec-agentd(4101): WARN: Waiting for server reply (not started). Tried: 'xxx.xxx.xxx.xxx'. 2009/03/16 14:42:33 ossec-agentd: INFO: Trying to connect to server (xxx.xxx.xxx.xxx:1514). I restarted the server and agents several times. Then on one of the agents, I changed the server IP in /var/ossec/etc/ ossec.conf. I restarted the agent and when I ran /var/ossec/bin/ list_agents -c on the server, I saw that it was connectd. I've searched for any file on the server that might let me specify what IP or interface to listen on but I can't find anything. Connectivity to the virtual interface, aside from OSSEC, works without any problems whatsoever. The server and clients are on the same subnet. There are no firewalls involved. I'm sure I'm missing something very simple :)
