On Thu, Aug 23, 2012 at 7:36 AM, ant's <[email protected]> wrote:
> Hi all:
>
> I'm seeing these errors in my log file:
>
> 2012/08/23 11:23:06 ossec-agentd: INFO: Using IPv4 for: 5x.x.x.x.x .
> 2012/08/23 11:23:27 ossec-agentd(4101): WARN: Waiting for server reply (not started). Tried: '5x.x.x.x.
>
> I'm sure this is some firewall issue. I have configured the firewall this way:
>
> Client:
>
> 514 and 1514 are opened as OUTBOUND
>
> In Server:
>
> 514 and 1514 are opened as INBOUND.
>
> I'm very new to OSSEC. Where am I making the mistake? Thanks for your reply.

Not knowing anything about your firewall, but will those open ports allow response traffic? And you've opened those up for UDP, right? You can use tcpdump to make sure all of the traffic is getting to the server and that it's sending responses.
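
The tcpdump check suggested in the reply can be scripted; the following is an added example, not part of the original thread. It assumes the agent traffic is UDP on port 1514, and the interface name, the addresses and the function name `classify_capture` are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify a tcpdump text capture of agent <-> server traffic.
# Capture on the server first (interface name eth0 is an assumption):
#   tcpdump -n -i eth0 udp port 1514 > capture.txt
# All addresses below are constructed documentation addresses.

# classify_capture SERVER_IP PORT   (reads "tcpdump -n" lines on stdin)
# Prints one of: no-traffic | one-way | reply-only | two-way
classify_capture() {
    awk -v ep="$1.$2" '
        {
            # Find the "src > dst:" triple; its column shifts with "-i any".
            for (i = 2; i < NF; i++) {
                if ($i != ">") continue
                src = $(i - 1); dst = $(i + 1); sub(/:$/, "", dst)
                if (dst == ep) to_server++
                if (src == ep) from_server++
                break
            }
        }
        END {
            if (to_server && from_server) print "two-way"
            else if (to_server)           print "one-way"
            else if (from_server)         print "reply-only"
            else                          print "no-traffic"
        }'
}

# Constructed sample: agent datagrams arrive, nothing goes back.
SAMPLE_ONE_WAY='11:23:06.100000 IP 203.0.113.7.40001 > 192.0.2.5.1514: UDP, length 73
11:23:11.100000 IP 203.0.113.7.40001 > 192.0.2.5.1514: UDP, length 73'

# Constructed sample in "-i any" layout: the server answers the agent.
SAMPLE_TWO_WAY='11:23:06.100000 eth0 In  IP 203.0.113.7.40001 > 192.0.2.5.1514: UDP, length 73
11:23:06.100200 eth0 Out IP 192.0.2.5.1514 > 203.0.113.7.40001: UDP, length 73'

printf '%s\n' "$SAMPLE_ONE_WAY" | classify_capture 192.0.2.5 1514
printf '%s\n' "$SAMPLE_TWO_WAY" | classify_capture 192.0.2.5 1514
```

A `no-traffic` result on the server means the agent's datagrams never arrive. A `two-way` result on the server while the agent still logs "Waiting for server reply" means the replies are being lost on the return path.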
