Thank you for the info, it worked perfectly, now the server no longer complains about being unable to send messages to the clients.
Only one problem remains now, the agent on the VPN client (which does all the routing) on the remote side, is reported as inactive. Same behaviour: - the agent does not complain about anything in the logs - i can see an established udp connection from the agent to the server (udp/1514) - the server does not complain about anything in the logs ... but the agent is reported by the list_agents utility and by the WUI as inactive. The funny path is that in the WUI i can see events sent by that agent. Short description: - agent is on a machine with 192.168.a.b + 172.16.t.w IPs - server is on a machine with 10.x.y.z + 172.16.r.t IPs - the agent has been installed using the key generated by the server for IP 172.16.t.w - the agent on the machine for any connection towards 10.x.y.z would use source IP 172.16.t.w (as indicated by "ip route get 10.x.y.z") - the server listens only on the 10.x.y.z interface For now i'm running out of ideas, i guess i'll need to run some tcpdumps to figure out any cause. On Tue, Mar 29, 2011 at 5:00 PM, dan (ddp) <[email protected]> wrote: > local_ip > http://www.ossec.net/doc/syntax/head_ossec_config.remote.html > > On Tue, Mar 29, 2011 at 9:56 AM, Valentin Avram <[email protected]> wrote: > > Do you know what the option to specify the IP or network interface to use > > is? Cause on the manual on the ossec site i can't find anything. > > > > On Mon, Mar 28, 2011 at 9:58 PM, dan (ddp) <[email protected]> wrote: > >> > >> Wow, that seems pretty complicated. > >> > >> You can specify the IP address the OSSEC manager will use its > ossec.conf. > >> > >> You chould use tcpdump to see which IP address the OSSEC manager is > >> attempting to use when communicating with the agents. I'm guessing the > >> error message you see is because the manager is using the wrong IP. > >> > >> On Sun, Mar 27, 2011 at 5:13 PM, Valentin Avram <[email protected]> > wrote: > >> > > > > >
