Have you restarted the manager's ossec processes since adding an agent? Try removing the agents whose keys were exposed, and re-add them with manage_agents.
On Fri, Jul 29, 2011 at 7:34 AM, Jani Karlsson <[email protected]> wrote: > Hi, > > I got 2 environments, prod and dev, both running virtualized RHEL5. > I installed agents to dev using manage_agents command but for prod I > used the new authd-tool. > > I am seeing weird problem in my prod environment where I registered > those agents with authd, > when I start ossec-remoted manually with debug I am getting: > > 2011/07/29 14:20:49 ossec-remoted(1213): WARN: Message from x.x.x.x > not allowed. > > on dev everything is working ok but no matter what I put to allowed- > ips list, prod's remoted just rejects these messages from clients. > > server's client-keys: > > 1034 memcache.prod.com any > e6b246fb352621e15399e4925ac199025a5bb9e769bf8165b3918d7b6dadb171 > 1035 www1.prod.com any > 2451d8ba59a0f5e80d477820c1464dcbdf3d9bfade0a0f4a82922367d98e9ef1 > > etc. those both match exactly to client's client.keys, only different > from env to prod where things are working is that agents were > registered with IPs and using manage_agents and prod was used authd- > tool. Can anyone help with this weirdness?
