So I've enabled debugging on the server and am getting many of these: 2012/01/27 13:45:39 ossec-remoted(1403): ERROR: Incorrectly formated message from '10.100.100.110'.
(incorrect spelling and everything "formated" ) Looked up the error and it turns out that I was thinking too complex... Copy to the RDP session didn't work correctly. Re-entered all the keys on the clients and tada! Thanks for all your help and suggestions. On Jan 26, 2:21 pm, BP9906 <[email protected]> wrote: > Check the ossec.log file on the server? Just curious if there's any > issue there. > > Else, you'll probably have to enable debugging on both sides to see > whats going on. > > On Jan 26, 8:56 am, Scott VR <[email protected]> wrote: > > > > > > > > > On Jan 26, 2012, at 9:26 AM, Steve Kuntz <[email protected]> wrote: > > > > I'm reluctant to install wireshark on the agent at this point. > > > It may be your quickest path to a resolution, though. That or a span/mirror > > port on the switch. > > Check the routing table on the server to see how traffic is sent back *to* > > the server. Run a tcpdump on all interfaces on the server for traffic > > destined *to* the client; it may be that traffic the other direction is > > trying to go out a different interface. > > > --ScottVR
