What do the logs say? They should be in /var/ossec/logs Valère Binet [C] IT Security Administrator Kelly Government Solutions On-Site at the NIH NIH / NIA / IRP Tel : 410 558 8013 mailto: [email protected]
NCTS performance comments and survey at: https://niairpkiosk.irp.nia.nih.gov/content/ncts-user-survey On Apr 10, 2014, at 9:43 AM, Devendra Agarwal <[email protected]<mailto:[email protected]>> wrote: Hi Santiago, Thanks for the response. The system does have 2 IPs. I have verified with netstat that ossec binds to correct IP. There is no communication shown in the output of tcpdump on either IPs. In every case it fails, that server has NIC bonding (teaming) setup. I am wondering if I need to do anything else to configure ossec to accommodate NIC bonding. On Wednesday, 9 April 2014 21:26:15 UTC-4, Santiago Bassett wrote: Hi Devendra, does your system have multiple IP addresses? Is there any other agent connected to the server? I have experienced issues with systems running multiple IP addresses. If that is the case I would recommend to check with tcpdump which is the one that the agent uses to send data to the server, and be sure it matches the one configured for the agent. I hope it helps On Wed, Apr 9, 2014 at 1:29 PM, Devendra Agarwal <[email protected]<javascript:>> wrote: I installed ossec-hids-2.4.1 agent on a server running on Red Hat Linux 5.4. The agent is not communicating. Other agents are fine. It seems if I hace NIC bonding setup, this isue happens. Is there any known issue with ossec if there is NIC bonding setup? 2014/04/09 16:23:28 ossec-agentd: INFO: Trying to connect to server (3.144.193.45:1514<http://3.144.193.45:1514/>). 2014/04/09 16:23:49 ossec-agentd(4101): WARN: Waiting for server reply (not started). Tried: '3.144.193.45'. 2014/04/09 16:24:27 ossec-agentd: INFO: Trying to connect to server (3.144.193.45:1514<http://3.144.193.45:1514/>). 2014/04/09 16:24:48 ossec-agentd(4101): WARN: Waiting for server reply (not started). Tried: '3.144.193.45'. -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]<javascript:>. For more options, visit https://groups.google.com/d/optout. -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]<mailto:[email protected]>. For more options, visit https://groups.google.com/d/optout. -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
