On Fri, Dec 3, 2010 at 2:58 PM, <[email protected]> wrote:
>> Is the traffic going in both directions?
>
> How can I tell? There's no outside reason it shouldn't work. Ping works on
> both machines to the other. No firewalls in between the two machines.
>

By looking at the traffic in tcpdump. You should see lines going from the agent to the server, and lines from the server to the agent. It's a 2 way communications protocol.

>
>> Is the <remote> section in the ossec.conf on the manager configured to
>> use the secure method?
>
> I haven't changed that file from the default, but this is it:
>
>
> [r...@ackbar etc]# cat ossec.conf
> <ossec_config>
>   <global>
>     <email_notification>no</email_notification>
>   </global>
> ... SNIP ...
> </ossec_config>
>

I don't see a <remote> section in there, which seems odd to me. Try adding the following to the manager's ossec.conf:

    <remote>
      <connection>secure</connection>
    </remote>

You can probably put it just about anywhere in the file, but between </global> and <alerts> might be a good spot for it. (It's a "top level" configuration, if that makes sense.)
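The two-way check described in the reply above, as an added example that is not part of the original message: it reads `tcpdump -n` text output and reports which direction of agent/manager traffic was actually seen. The addresses and sample lines are constructed, and UDP 1514 (OSSEC's default port for secure connections) is an assumption, since the thread does not name the port.

```python
import re
from collections import Counter

# Assumptions, not from the thread: UDP 1514 (OSSEC's default secure-mode
# port) and the constructed documentation addresses below.
MANAGER, AGENT, OSSEC_PORT = "192.0.2.10", "192.0.2.20", 1514

# Constructed lines in the format printed by: tcpdump -n udp port 1514
SAMPLE_ONE_WAY = """\
14:58:01.100101 IP 192.0.2.20.41022 > 192.0.2.10.1514: UDP, length 73
14:58:07.100355 IP 192.0.2.20.41022 > 192.0.2.10.1514: UDP, length 73
14:58:13.100612 IP 192.0.2.20.41022 > 192.0.2.10.1514: UDP, length 73
"""
SAMPLE_TWO_WAY = SAMPLE_ONE_WAY + """\
14:58:13.101240 IP 192.0.2.10.1514 > 192.0.2.20.41022: UDP, length 57
"""

# "IP <src>.<sport> > <dst>.<dport>:" as tcpdump -n prints IPv4 packets
LINE_RE = re.compile(r"\bIP ([\d.]+)\.(\d+) > ([\d.]+)\.(\d+):")

def count_directions(text, agent=AGENT, manager=MANAGER, port=OSSEC_PORT):
    """Count packets seen in each direction on the OSSEC port."""
    counts = Counter()
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # banner lines, ARP, IPv6 and so on
        src, sport, dst, dport = m.groups()
        if (src, dst, int(dport)) == (agent, manager, port):
            counts["agent_to_manager"] += 1
        elif (src, dst, int(sport)) == (manager, agent, port):
            counts["manager_to_agent"] += 1
    return counts

def diagnose(text, **kw):
    """Summarise which side is actually talking."""
    c = count_directions(text, **kw)
    if c["agent_to_manager"] and c["manager_to_agent"]:
        return "two-way"
    if c["agent_to_manager"]:
        return "agent-only"  # agent sends, manager never replies
    if c["manager_to_agent"]:
        return "manager-only"
    return "no-traffic"

if __name__ == "__main__":
    print(diagnose(SAMPLE_ONE_WAY), diagnose(SAMPLE_TWO_WAY))
```

An "agent-only" result is the pattern to look for when ping succeeds in both directions but the agent still cannot connect.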
