Dan, I enabled debug mode and when the OSSEC Server processes started up I noticed an error saying it could not bind to port 1514. I did a quick netstat -tulp and discovered a stray process (ossec) that was already bound to that port. Once I killed off that process, OSSEC Server started up just fine and the Agents could all connect.
Thanks for your help!

On Tue, Sep 28, 2010 at 12:35 PM, dan (ddp) <[email protected]> wrote:

> Try:
> /var/ossec/bin/ossec-control enable debug
>
> I haven't tried setting debug to 2, but I know the above works.
>
> Also, do a tcpdump on the server and the agent to see if there is
> traffic on port 1514.
>
> On Tue, Sep 28, 2010 at 12:03 PM, Chris Decker <[email protected]> wrote:
> > All,
> >
> > I just set up an OSSEC 2.5 server/agent installation on my testbed. I'm
> > having difficulty getting my agent to successfully communicate with the
> > server. My hunch is that my agent is having an issue talking Blowfish, but
> > I never had an issue with OSSEC 2.4 on these same machines.
> >
> > Amplifying information:
> >
> > - The Agent and Server are on separate physical machines
> > - I disabled the software firewall on the machine serving the OSSEC Server
> >   function (though the firewall already accepts UDP 1514, I wanted to play it
> >   safe)
> > - My OSSEC Agent can ping the OSSEC server
> > - My OSSEC Agent is configured to connect to the correct IP address
> > - The OSSEC Server is configured to use 'secure' connections, rather than
> >   acting as a syslog server
> > - The OSSEC server machine is listening on 1514/udp
> > - The processes are starting without errors on both servers
> > - The correct key is installed on the Agent
> > - The OSSEC Server is not reporting any errors, even at debug level of 2. It's
> >   like the server is unaware of any communication by the Agent.
> > - The OSSEC Agent machine is showing a connection to the OSSEC server on port
> >   1514 (connection state: ESTABLISHED).
> > - The OSSEC Agent is reporting a generic error when unsuccessfully contacting
> >   the server, even at debug level of 2.
> >
> > One interesting tidbit is that I could install 2.4 on these servers without
> > adding any packages, but with 2.5 I had to install openssl-devel (and
> > dependencies) on the Agent machine before I could compile without errors. I
> > believe the OSSEC server already had openssl-devel installed. Prior to
> > installing openssl-devel I was getting errors when compiling in encryption
> > support.
> >
> > Any help would be appreciated. I did my best to provide helpful
> > information, but if any other information is needed please let me know.
> >
> > Thanks,
> > Chris
