No firewall (hardware or software) involved and tcpdump does not show any communication between client and server. As soon as I install it on a server that doesn't have network bonding/teaming configured (even with multiple IPs), the issue doesn't happen.

On Thursday, 10 April 2014 11:29:39 UTC-4, Santiago Bassett wrote:
>
> Could you check on the server with tcpdump if there is any traffic sent
> from the agent and, in case there is, what IP is being used? I know you did
> it with Netstat but there could be other factors involved (maybe
> firewalls...)
>
> On Thu, Apr 10, 2014 at 8:05 AM, Binet, Valere (NIH/NIA/IRP) [C] <[email protected]> wrote:
>
>> What do the logs say?
>> They should be in /var/ossec/logs
>>
>> Valère Binet [C]
>> IT Security Administrator
>> Kelly Government Solutions On-Site at the NIH
>> NIH / NIA / IRP
>> Tel : 410 558 8013
>> mailto: [email protected]
>>
>> NCTS performance comments and survey at:
>> https://niairpkiosk.irp.nia.nih.gov/content/ncts-user-survey
>>
>> On Apr 10, 2014, at 9:43 AM, Devendra Agarwal <[email protected]> wrote:
>>
>> Hi Santiago,
>>
>> Thanks for the response. The system does have 2 IPs. I have verified with
>> netstat that ossec binds to correct IP. There is no communication shown in
>> the output of tcpdump on either IP. In every case it fails, that server
>> has NIC bonding (teaming) setup. I am wondering if I need to do anything
>> else to configure ossec to accommodate NIC bonding.
>>
>> On Wednesday, 9 April 2014 21:26:15 UTC-4, Santiago Bassett wrote:
>> Hi Devendra,
>>
>> does your system have multiple IP addresses? Is there any other agent
>> connected to the server?
>>
>> I have experienced issues with systems running multiple IP addresses. If
>> that is the case I would recommend to check with tcpdump which is the one
>> that the agent uses to send data to the server, and be sure it matches the
>> one configured for the agent.
>>
>> I hope it helps
>>
>> On Wed, Apr 9, 2014 at 1:29 PM, Devendra Agarwal <[email protected]> wrote:
>> I installed ossec-hids-2.4.1 agent on a server running on Red Hat Linux
>> 5.4. The agent is not communicating. Other agents are fine. It seems if I
>> have NIC bonding setup, this issue happens. Is there any known issue with
>> ossec if there is NIC bonding setup?
>>
>> 2014/04/09 16:23:28 ossec-agentd: INFO: Trying to connect to server (3.144.193.45:1514).
>> 2014/04/09 16:23:49 ossec-agentd(4101): WARN: Waiting for server reply (not started). Tried: '3.144.193.45'.
>> 2014/04/09 16:24:27 ossec-agentd: INFO: Trying to connect to server (3.144.193.45:1514).
>> 2014/04/09 16:24:48 ossec-agentd(4101): WARN: Waiting for server reply (not started). Tried: '3.144.193.45'.

--
---
You received this message because you are subscribed to the Google Groups "ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [email protected].
For more options, visit https://groups.google.com/d/optout.
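
The check suggested in the thread (which source address the agent host uses toward the server, and whether it matches the address configured for the agent) can be scripted as below; this is an added example, not part of the original thread or of OSSEC. The function names, the `REGISTERED` placeholder, UDP transport, and the accepted forms of the registered address (`any`, a single IP, or a CIDR range) are assumptions.

```python
import ipaddress
import re
import socket

# Agent log lines copied from the thread above.
AGENT_LOG = """\
2014/04/09 16:23:28 ossec-agentd: INFO: Trying to connect to server (3.144.193.45:1514).
2014/04/09 16:23:49 ossec-agentd(4101): WARN: Waiting for server reply (not started). Tried: '3.144.193.45'.
2014/04/09 16:24:27 ossec-agentd: INFO: Trying to connect to server (3.144.193.45:1514).
2014/04/09 16:24:48 ossec-agentd(4101): WARN: Waiting for server reply (not started). Tried: '3.144.193.45'.
"""

CONNECT_RE = re.compile(r"Trying to connect to server \(([\d.]+):(\d+)\)")
NO_REPLY_RE = re.compile(r"ossec-agentd\(4101\): WARN: Waiting for server reply")

def server_from_log(text):
    """Return (ip, port) from the last connection attempt, or None."""
    hits = CONNECT_RE.findall(text)
    return (hits[-1][0], int(hits[-1][1])) if hits else None

def unanswered_attempts(text):
    """Count 'Waiting for server reply' warnings (message 4101)."""
    return len(NO_REPLY_RE.findall(text))

def source_ip_for(server_ip, port):
    """Ask the kernel which local address it would use to reach the server.
    connect() on a UDP socket only selects a route; no packet is sent."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.connect((server_ip, port))
        return s.getsockname()[0]

def matches_registered(source_ip, registered):
    """Compare the source address with the address registered for the agent
    (assumed to be 'any', a single IP, or a CIDR range)."""
    if registered.strip().lower() == "any":
        return True
    net = ipaddress.ip_network(registered.strip(), strict=False)
    return ipaddress.ip_address(source_ip) in net

if __name__ == "__main__":
    REGISTERED = "192.0.2.10"  # hypothetical: address entered for this agent on the server
    ip, port = server_from_log(AGENT_LOG)
    print(f"server {ip}:{port}, unanswered attempts: {unanswered_attempts(AGENT_LOG)}")
    try:
        src = source_ip_for(ip, port)
        print(f"source address {src}, matches registered: {matches_registered(src, REGISTERED)}")
    except OSError as exc:
        print(f"no route to server: {exc}")
```

On a host with bonding or several addresses, `source_ip_for` reports the address the routing table selects, which can then be compared with what tcpdump shows on the wire.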
