> > If the agent and server are on different networks or thru a vpn tunnel you > could check these links for further help.
You might need to use the FQDN and CIDR for the Agent Name when you setup the agent. http://www.ossec.net/doc/faq/unexpected.html http://www.ossec.net/doc/manual/agent/agent-management.html If the agent’s packets are making it to the manager, the manager will also include error messages in its ossec.log related to that agent. Some possible issues: - The agent may not be using the correct IP address. Some systems with multiple IP addresses may not choose the correct one to communicate with the OSSEC manager. Using any or a CIDR address (192.168.1.0/24) for the agent may be one solution, and adjusting the system’s route settings is another. - Every agent must be using a unique key. If 2 agents look like they’re coming from the same IP (possibly from a NAT gateway), then any or the CIDR address should be used to identify them on the manager. - There may be a firewall blocking the OSSEC traffic, udp 1514 should be allowed to and from the manager. - UAC may be blocking the OSSEC service from communicating with the manager on Windows 7. -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/groups/opt_out.
