On Thu, Jun 14, 2012 at 3:01 PM, Daniel Flores <[email protected]> wrote: > Tnks ddp, > I opened the port but still can´t connect them, mmmm I have my server in > Ubuntu server 12.04 LTS, it's IP is 11.10.1.xxx and the agent i want to > reach is 192.168.100.xxx I installed the agent, got the key, import the key > and run the agent but it doesn´t run. > In the firewall I have a rule which allows traffic by port udp 1514 both > ways from server 192.168... to the ossec server 11.10.1.xxx. But still agent > doesn't run > I don´t know what else todo. >
You haven't really done much. Being lost at this point is a bad sign. First, did you check the firewall's logs to see if it blocked the traffic? Next, if your OSSEC server is 11.10.1.xxx you need 11.10.1.xxx:1514 open. The agent needs to be able to reach the OSSEC server's 1514 (udp) port. Next, make sure iptables on the Ubuntu OSSEC server isn't blocking the traffic. Next, use tcpdump on the OSSEC server to make sure the traffic is getting to the OSSEC server. If it is, check for responses from the OSSEC server. Also make sure the agent's IP address shows up correctly. If it isn't what you entered in manage_agents you've done something wrong. Also, check the /var/ossec/logs/ossec.log for any log entries related to this agent. > > best regards > Saludos. > Daniel Flores > > 2012/6/14 dan (ddp) <[email protected]> > >> On Thu, Jun 14, 2012 at 1:46 PM, Daniel Flores >> <[email protected]> wrote: >> > Hi, I am installing an agent in Windows, i have 2 LAN's connected by 2 >> > firewalls, in one LAN is the OSSEC server and in the other LAN is the >> > agent, what i want to know is which port the ossec agent uses to >> > connect to the server? >> > >> > Thanks >> > Daniel Flores >> >> By default the server listens on udp 1514. Traffic should be allowed both >> ways. > > > > > -- > Daniel Flores
