Could it be because you have multiple source IPs? Try creating a new agent on the server and use the subnet.
manage_agents, a, hostname, 192.168.1.0/24, y. Then import the new key generated and see if that helps. That would confirm source IP origination is the problem. Else, use wireshark or tcpdump on agent and server to look for 1514 packets sent/received. On Jan 25, 12:35 pm, Steve Kuntz <[email protected]> wrote: > I have communication issues between my server and agents. > > All agents on the servers subnet can connect to the server. > > I have agents on other subnets which I've tried to configure in > different ways and they can't connect to the server > > 2012/01/25 15:25:51 ossec-agent: INFO: Trying to connect to server > (10.100.10.11:1514). > 2012/01/25 15:25:51 ossec-agent: INFO: Using IPv4 for: 10.100.10.11 . > 2012/01/25 15:26:12 ossec-agent(4101): WARN: Waiting for server reply > (not started). Tried: '10.100.10.11'. > > No entries in the log of the server ossec.log for this. > No client firewall running. > > There is a firewall between the subnets so I opened 1514 between them > but I still had the communication issue. I tried to get around this by > adding an interface for the other subnets on the ossec server with IPs > on those subnets and pointing the agents to the IP on their subnet. I > get the same result above. I haven't been able to find anything. Any > help is appreciated. > > OSSEC HIDS v2.6
