Try: /var/ossec/bin/ossec-control enable debug I haven't tried setting debug to 2, but I know the above works.
Also, do a tcpdump on the server and the agent to see if there is traffic on port 1514. On Tue, Sep 28, 2010 at 12:03 PM, Chris Decker <[email protected]> wrote: > All, > > I just set up an OSSEC 2.5 server/agent installation on my testbed. I'm > having difficulty getting my agent to successfully communicate with the > server. My hunch is that my agent is having an issue talking Blowfish, but > I never had an issue with OSSEC 2.4 on these same machines. > > > Amplifying information: > > The Agent and Server are on separate physical machines > I disabled the software firewall on the machine serving the OSSEC Server > function (though the firewall already accepts UDP 1514, I wanted to play it > safe) > My OSSEC Agent can ping the OSSEC server > My OSSEC Agent is configured to connect to the correct IP address > The OSSEC Server is configured to use 'secure' connections, rather than > acting as a syslog server > The OSSEC server machine is listening on 1514/udp > The processes are starting without errors on both servers > The correct key is installed on the Agent > The OSSEC Server is not reporting any errors, even at debug level of 2. Its > like the server is unaware of any communication by the Agent. > The OSSEC Agent machine is showing a connection to the OSSEC server on port > 1514 (connection state: ESTABLISHED). > The OSSEC Agent is reporting a generic error when unsuccessfully contacting > the server, even at debug level of 2. > > > One interesting tid-bit is that I could install 2.4 on these servers without > adding any packages, but with 2.5 I had to install openssl-devel (and > dependencies) on the Agent machine before I could compile without errors. I > believe the OSSEC server already had openssl-devel installed. Prior to > installing openssl-devel I was getting errors when compiling in encryption > support. > > > Any help would be appreciated. I did my best to provide helpful > information, but if any other information is needed please let me know. > > > > Thanks, > Chris > > >
