Greetings:
I got past the error of agents connecting by doing the following:
1. In the remote section of the server ossec.conf use the <local_ip>
setting to fix the IP as the pubic ip. Given that "netstat -lnupe |
grep :1514" showed ossec-remoted listening on ALL ports, this should
not have been needed.
2. On Windows servers, uninstall and the install the agent fresh
(using new keys); and on Linux agents, just install over the ossec
stating "no" to upgrade, delete the ossec directory, and just be sure
to save any custom work in /var/ossec/etc/ossec.conf to put back in
prior to restarting the agent.
Thus stated, I'm still seeing errors on the new GSS server running on
the Xen guest:
/var/log/ossec/ossec.log on the server:
2009/12/22 17:26:16 ossec-remoted(1403): ERROR: Incorrectly
formated message from '[IP of an agent]'.
And I'm not sure how to resolve that issue. Thoughts?
Thank you.
