All, I just set up an OSSEC 2.5 server/agent installation on my testbed. *I'm having difficulty getting my agent to successfully communicate with the server*. My hunch is that my agent is having an issue talking Blowfish, but I never had an issue with OSSEC 2.4 on these same machines.
*Amplifying information*: - The Agent and Server are on separate physical machines - I disabled the software firewall on the machine serving the OSSEC Server function (though the firewall already accepts UDP 1514, I wanted to play it safe) - My OSSEC Agent can ping the OSSEC server - My OSSEC Agent is configured to connect to the correct IP address - The OSSEC Server is configured to use 'secure' connections, rather than acting as a syslog server - The OSSEC server machine is listening on 1514/udp - The processes are starting without errors on both servers - The correct key is installed on the Agent - The OSSEC Server is not reporting any errors, even at debug level of 2. Its like the server is unaware of any communication by the Agent. - The OSSEC Agent machine is showing a connection to the OSSEC server on port 1514 (connection state: ESTABLISHED). - The OSSEC Agent is reporting a generic error when unsuccessfully contacting the server, even at debug level of 2. One interesting tid-bit is that I could install 2.4 on these servers without adding any packages, but with 2.5 I had to install openssl-devel (and dependencies) on the Agent machine before I could compile without errors. I believe the OSSEC server already had openssl-devel installed. Prior to installing openssl-devel I was getting errors when compiling in encryption support. Any help would be appreciated. I did my best to provide helpful information, but if any other information is needed please let me know. Thanks, Chris
