[ossec-list] Agents can't communicate with server

Thu, 02 Dec 2010 16:58:20 -0800

Excuse what is possibly a newb question, but I'm trying to setup an ossec server with a couple of agents. The server is running on Fedora 9 x64 and as far as I can tell, it's working fine. However, I have installed 2 agents, 1 on windows 2008 R2 and another on Fedora 9. Neither of them can communicate with the server. Well, I'm sure the windows agent isn't. Not sure about the fedora 9 agent, how can I tell? 

The authentication key matches the key given on the server:

Available agents:
   ID: 001, Name: wombat.xxx.local, IP: 10.21.4.112
   ID: 002, Name: skywarp.xxx.local, IP: 10.21.4.114
The IP addresses are correct and the agents have the right IP address and auth key for the Fedora 9 server. No firewall is configured on the server. 

On the windows agent, I see this over and over:
2010/12/02 19:32:45 ossec-agent(4101): WARN: Waiting for server reply (not started). Tried: 'ackbar/10.21.4.24'. 2010/12/02 19:32:45 ossec-agent: INFO: Trying next server ip in the line: '10.21.4.24'. 2010/12/02 19:32:46 ossec-agent: INFO: Closing connection to server (10.21.4.24:1514). 2010/12/02 19:32:46 ossec-agent: INFO: Trying to connect to server (10.21.4.24:1514). 

The fedora 9 agent logs:
2010/12/02 17:09:13 ossec-execd(1350): INFO: Active response disabled. Exiting. 
2010/12/02 17:09:17 ossec-syscheckd: INFO: Started (pid: 2563).
2010/12/02 17:09:17 ossec-rootcheck: INFO: Started (pid: 2563).
2010/12/02 17:09:17 ossec-syscheckd: INFO: Monitoring directory: '/etc'.
2010/12/02 17:09:17 ossec-syscheckd: INFO: Monitoring directory: '/usr/bin'. 2010/12/02 17:09:17 ossec-syscheckd: INFO: Monitoring directory: '/usr/sbin'. 
2010/12/02 17:09:17 ossec-syscheckd: INFO: Monitoring directory: '/bin'.
2010/12/02 17:09:17 ossec-syscheckd: INFO: Monitoring directory: '/sbin'. 2010/12/02 17:09:19 ossec-logcollector(1950): INFO: Analyzing file: '/var/log/messages'. 2010/12/02 17:09:19 ossec-logcollector(1950): INFO: Analyzing file: '/var/log/secure'. 2010/12/02 17:09:19 ossec-logcollector(1950): INFO: Analyzing file: '/var/log/maillog'. 
2010/12/02 17:09:19 ossec-logcollector: INFO: Started (pid: 2559).
2010/12/02 17:09:31 ossec-logcollector: WARN: Process locked. Waiting for permission... 2010/12/02 17:10:19 ossec-syscheckd: INFO: Starting syscheck scan (forwarding database). 2010/12/02 17:10:19 ossec-syscheckd: WARN: Process locked. Waiting for permission... 


Thanks for any help,
Scott

Reply via email to