Can you show the logs from the server, please?

On Thu, Dec 2, 2010 at 19:57,  <[email protected]> wrote:
> Excuse what is possibly a newb question, but I'm trying to set up an ossec
> server with a couple of agents.  The server is running on Fedora 9 x64 and
> as far as I can tell, it's working fine.  However, I have installed 2
> agents, 1 on Windows 2008 R2 and another on Fedora 9. Neither of them can
> communicate with the server.  Well, I'm sure the Windows agent isn't.  Not
> sure about the Fedora 9 agent, how can I tell?
>
> The authentication key matches the key given on the server:
>
> Available agents:
>   ID: 001, Name: wombat.xxx.local, IP: 10.21.4.112
>   ID: 002, Name: skywarp.xxx.local, IP: 10.21.4.114
>
> The IP addresses are correct and the agents have the right IP address and
> auth key for the Fedora 9 server.  No firewall is configured on the server.
>
> On the Windows agent, I see this over and over:
>
> 2010/12/02 19:32:45 ossec-agent(4101): WARN: Waiting for server reply (not started). Tried: 'ackbar/10.21.4.24'.
> 2010/12/02 19:32:45 ossec-agent: INFO: Trying next server ip in the line: '10.21.4.24'.
> 2010/12/02 19:32:46 ossec-agent: INFO: Closing connection to server (10.21.4.24:1514).
> 2010/12/02 19:32:46 ossec-agent: INFO: Trying to connect to server (10.21.4.24:1514).
>
> The Fedora 9 agent logs:
>
> 2010/12/02 17:09:13 ossec-execd(1350): INFO: Active response disabled. Exiting.
> 2010/12/02 17:09:17 ossec-syscheckd: INFO: Started (pid: 2563).
> 2010/12/02 17:09:17 ossec-rootcheck: INFO: Started (pid: 2563).
> 2010/12/02 17:09:17 ossec-syscheckd: INFO: Monitoring directory: '/etc'.
> 2010/12/02 17:09:17 ossec-syscheckd: INFO: Monitoring directory: '/usr/bin'.
> 2010/12/02 17:09:17 ossec-syscheckd: INFO: Monitoring directory: '/usr/sbin'.
> 2010/12/02 17:09:17 ossec-syscheckd: INFO: Monitoring directory: '/bin'.
> 2010/12/02 17:09:17 ossec-syscheckd: INFO: Monitoring directory: '/sbin'.
> 2010/12/02 17:09:19 ossec-logcollector(1950): INFO: Analyzing file: '/var/log/messages'.
> 2010/12/02 17:09:19 ossec-logcollector(1950): INFO: Analyzing file: '/var/log/secure'.
> 2010/12/02 17:09:19 ossec-logcollector(1950): INFO: Analyzing file: '/var/log/maillog'.
> 2010/12/02 17:09:19 ossec-logcollector: INFO: Started (pid: 2559).
> 2010/12/02 17:09:31 ossec-logcollector: WARN: Process locked. Waiting for permission...
> 2010/12/02 17:10:19 ossec-syscheckd: INFO: Starting syscheck scan (forwarding database).
> 2010/12/02 17:10:19 ossec-syscheckd: WARN: Process locked. Waiting for permission...
>
>
> Thanks for any help,
> Scott
>



-- 
Registered Linux User # 379282
