Re: [ossec-list] Agent unable to connect to Server

Fri, 03 Dec 2010 08:09:54 -0800 

Can you run the following command on the OSSEC Server

iptables -vnL

and show the out put of that command


On Fri, Dec 3, 2010 at 10:52,  <[email protected]> wrote:
>> Watch the manager's logs while restarting the agent's process. It might
>> provide a clue.
>>
>> Also make sure the manager's processes were restarted after the client was
>> added, and make sure the client was configured on the manager with a unique
>> IP address.
>
> Okay, I restarted the manager and then the agents.  Still can't communicate
> and I don't see anything in the server logs about it:
>
> 2010/12/03 09:30:24 ossec-rootcheck: DEBUG: Going into check_rc_dev
> 2010/12/03 09:30:24 ossec-rootcheck: DEBUG: Starting on check_rc_dev
> 2010/12/03 09:30:24 ossec-rootcheck: DEBUG: Going into check_rc_sys
> 2010/12/03 09:30:24 ossec-rootcheck: DEBUG: Starting on check_rc_sys
> 2010/12/03 09:30:26 ossec-rootcheck: DEBUG: Going into check_rc_pids
> 2010/12/03 09:49:29 ossec-rootcheck: DEBUG: Going into check_rc_ports
> 2010/12/03 09:50:02 ossec-rootcheck: DEBUG: Going into check_open_ports
> 2010/12/03 09:50:02 ossec-rootcheck: DEBUG: Going into check_rc_if
> 2010/12/03 09:50:02 ossec-rootcheck: DEBUG: Completed with all checks.
> 2010/12/03 09:50:07 ossec-rootcheck: INFO: Ending rootcheck scan.
> 2010/12/03 09:50:07 ossec-rootcheck: DEBUG: Leaving run_rk_check
>
>
> The client packets are definitely getting thru, as the command "tcpdump -ni
> eth2 port 1514" shows activity after restarting the agent.  I have also
> turned off the windows firewall, which didn't help.
>
> The agents are configured as so:
>
> ****************************************
> * OSSEC HIDS v2.5.1 Agent manager.     *
> * The following options are available: *
> ****************************************
>   (A)dd an agent (A).
>   (E)xtract key for an agent (E).
>   (L)ist already added agents (L).
>   (R)emove an agent (R).
>   (Q)uit.
> Choose your action: A,E,L,R or Q: l
>
> Available agents:
>   ID: 001, Name: wombat.xyz.local, IP: 10.21.4.112
>   ID: 002, Name: skywarp.xyz.local, IP: 10.21.4.114
>
>
> Thanks,
> Scott
>



-- 
Registered Linux User # 379282

Reply via email to