Greetings,
I am having difficulty using the agent self-registration process using ossec-authd and agent-auth utilities. I am using OSSEC 2.6 on CentOS 5. When an agent registers, ossec-authd adds a new entry to the client.keys file that has "any" in the IP address field. However, when the agent then tries to talk to the ossec server, ossec-remoted rejects the IP address. With ossec-remoted in debug mode, I see this message: 2012/02/17 14:33:27 ossec-remoted(1213): WARN: Message from 10.3.16.192 not allowed. If I change "any" in the client.keys file to the agent's actual IP address, then agent communication is successful. Could there be anything in my OSSEC configuration that could be causing this rejection? I haven't been able to find anything in the docs. Since all my systems have fixed IP addresses. I would prefer that ossec-authd put the actual IP address in the client.keys entry rather than "any." Would it be reasonable to modify ossec-authd to have an option to do this? Thanks, Ross Oliver
