Hi thanks for the reply. I'm config the firewall in Ec2 instance. When I change the server security group to be of :
514 and 1514 to receive source from 0.0.0.0/0 Everything is working fine. But when I change the source address from 0.0.0.0/0 to one of the subnet its not working! That is where the problem is! On Thursday, August 23, 2012 6:45:53 PM UTC+5:30, dan (ddpbsd) wrote: > > On Thu, Aug 23, 2012 at 7:36 AM, ant's <[email protected] <javascript:>> > wrote: > > Hi all: > > > > I'm seeing these errors in my log file : > > > > 2012/08/23 11:23:06 ossec-agentd: INFO: Using IPv4 for: 5x.x.x.x.x . > > 2012/08/23 11:23:27 ossec-agentd(4101): WARN: Waiting for server reply > (not > > started). Tried: '5x.x.x.x. > > > > I'm sure this of some firewall issues. I have configured firewall this > way: > > > > Client: > > > > 514 and 1514 are opened as OUTBOUND > > > > In Server : > > > > 514 and 1514 are opened as INBOUNDS. > > > > I'm very new to OSSEC. Where I'm making the mistake? Thanks for your > reply. > > Not knowing anything about your firewall, but will those open ports > allow response traffic? And you've opened those up for UDP, right? > You can use tcpdump to make sure all of the traffic is getting to the > server and that it's sending responses. >
