Is the firewall NATing the traffic? Do the agents look like they're
coming from the same IP address? If so, they need to be added with
'any' as the IP (all IPs have to be unique unless you use CIDR or
any).

On Mon, Nov 7, 2011 at 11:13 AM, Abey <[email protected]> wrote:
> Hi,
>
> I have multiple ossec agents behind a firewall and everything is ok
> for the first one (connects fine and I am able to receive logs), but I
> cannot add the second one; it keeps getting this error:
>
> ossec-remoted(1403): ERROR: Incorrectly formated message from
> 'x.x.x.x'.
>
> Tried removing and adding the agent as said in the wiki
> http://www.ossec.net/wiki/Errors:AgentCommunication but still the same
> error.
>
> agent_control shows active only for the first agent configured, not
> the second one.
>
> Is there a way to find out why the ossec server is getting this error?
>
> Thanks,
> Abey
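
The uniqueness rule from the reply, as an added example (not part of the original thread and not OSSEC code): a small audit that finds exact addresses registered for more than one agent and lists which entries cover the source address the server sees after NAT. It assumes the server's key file uses the `ID name IP key` layout; the sample entries, keys and function names are constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed sample in the assumed "ID name IP key" layout; keys are placeholders.
SAMPLE_KEYS = """\
001 web01 203.0.113.10 PLACEHOLDERKEY1
002 web02 203.0.113.10 PLACEHOLDERKEY2
003 db01 any PLACEHOLDERKEY3
004 lab 10.20.0.0/24 PLACEHOLDERKEY4
"""

def parse_entries(text):
    """Split each line into id, name and registered address; skip short lines."""
    entries = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) >= 4:
            entries.append({"id": parts[0], "name": parts[1], "ip": parts[2].lower()})
    return entries

def duplicate_exact_ips(entries):
    """Return {ip: [agent ids]} for exact addresses registered more than once.
    'any' and CIDR entries are exempt, as the reply describes."""
    seen = defaultdict(list)
    for e in entries:
        if e["ip"] == "any" or "/" in e["ip"]:
            continue
        seen[str(ipaddress.ip_address(e["ip"]))].append(e["id"])
    return {ip: ids for ip, ids in seen.items() if len(ids) > 1}

def entries_covering(entries, source_ip):
    """Agent ids whose registered address covers the source IP seen by the server."""
    src = ipaddress.ip_address(source_ip)
    hits = []
    for e in entries:
        if e["ip"] == "any":
            hits.append(e["id"])
        elif "/" in e["ip"]:
            if src in ipaddress.ip_network(e["ip"], strict=False):
                hits.append(e["id"])
        elif ipaddress.ip_address(e["ip"]) == src:
            hits.append(e["id"])
    return hits

if __name__ == "__main__":
    agents = parse_entries(SAMPLE_KEYS)
    for ip, ids in duplicate_exact_ips(agents).items():
        print(f"{ip} is registered for agents {', '.join(ids)}: re-add them with 'any' or a CIDR range")
    print("entries covering 203.0.113.10:", entries_covering(agents, "203.0.113.10"))
```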
