Hi,

It looks like remoted is running now on the server, but the clients don't connect to it:

    # ps -aef |grep ossec
    ossecm 4785 1 0 Apr14 ? 00:00:00 /var/ossec/bin/ossec-maild
    root 4789 1 0 Apr14 ? 00:00:00 /var/ossec/bin/ossec-execd
    ossec 4793 1 0 Apr14 ? 00:00:06 /var/ossec/bin/ossec-analysisd
    root 4797 1 0 Apr14 ? 00:00:01 /var/ossec/bin/ossec-logcollector
    ossecr 4804 1 0 Apr14 ? 00:00:00 /var/ossec/bin/ossec-remoted
    root 4816 1 0 Apr14 ? 00:01:12 /var/ossec/bin/ossec-syscheckd
    ossec 4820 1 0 Apr14 ? 00:00:00 /var/ossec/bin/ossec-monitord

    # cat /var/ossec/logs/ossec.log |grep remoted
    2009/04/14 08:52:40 ossec-remoted: INFO: Started (pid: 4801).
    2009/04/14 08:52:40 ossec-remoted: Remote syslog allowed from: '10.90.12.0/24'
    2009/04/14 08:52:40 ossec-remoted: Remote syslog allowed from: '192.168.199.0/24'
    2009/04/14 08:52:40 ossec-remoted: INFO: Started (pid: 4804).
    2009/04/14 08:52:40 ossec-remoted: INFO: Started (pid: 4806).
    2009/04/14 08:52:40 ossec-remoted(4111): INFO: Maximum number of agents allowed: '256'.
    2009/04/14 08:52:40 ossec-remoted(1410): INFO: Reading authentication keys file.

    # /var/ossec/bin/agent_control -l
    OSSEC HIDS agent_control. List of available agents:
    ID: 000, Name: incubadora (server), IP: 127.0.0.1, Active/Local
    ID: 001, Name: Tys14lnx, IP: 10.90.12.30, Never connected
    ID: 003, Name: oradesa, IP: 10.90.12.234, Never connected
    ID: 004, Name: slab03fc6, IP: 192.168.199.200, Never connected

Got to check the clients, now.

Jose

Daniel Cid wrote:

> Hi Jose,
>
> Check your logs. Try restarting OSSEC and looking for ossec-remoted in the logs:
>
>     # cat /var/ossec/logs/ossec.log |grep remoted
>
> To see the list of remote managed agents, run:
>
>     # /var/ossec/bin/agent-control -l
>
> Thanks,
