Additional information: 1) I deleted the 2.6 Windows agent, installed a 2.7 agent, and used the same key - same result. 2) I deleted the agent key on the server, created a new key, re-installed the 2.7 agent - same result.
----- Original Message ----- > I upgraded a CentOS 5.9 server from OSSEC 2.6 to 2.7 > After restarting OSSEC server, all the 2.6 agents (both Windows and > Linux) resumed their connections except for 1 Windows agent. The > ossec.log showed: > > 2013/02/25 18:18:24 ossec-agent: INFO: Started (pid: 3580). > 2013/02/25 18:18:34 ossec-agent: WARN: Process locked. Waiting for > permission... > 2013/02/25 18:18:45 ossec-agent(4101): WARN: Waiting for server reply > (not started). Tried: '10.xxx.xxx.xxx'. > 2013/02/25 18:18:47 ossec-agent: INFO: Trying to connect to server > (10.xxx.xxx.xxx:1514). > 2013/02/25 18:18:47 ossec-agent: INFO: Using IPv4 for: 10.xxx.xxx.xxx > . > 2013/02/25 18:19:08 ossec-agent(4101): WARN: Waiting for server reply > (not started). Tried: '10.xxx.xxx.xxx'. > 2013/02/25 18:19:28 ossec-agent: INFO: Trying to connect to server > (10.xxx.xxx.xxx:1514). > 2013/02/25 18:19:28 ossec-agent: INFO: Using IPv4 for: 10.xxx.xxx.xxx > . > < etc.> > > Wireshark on the windows agent box shows UDP messages going to the > correct IP address, > > The strangest part is that running tethereal on the OSSEC server shows > the requests coming in, But unlike any of the agentt conversations, > there's no outbound messages from the OSSEC server. I can't find > anything that remotely looks like a log entry that may shed any > relevant information as to why the agent request is ignored. > > Starting OSSEC in debug mode does not shed any light on this. > > Anyone have any ideas? -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/groups/opt_out.
