Hey guys, I have been having trouble configuring agents and establishing communication between the OSSEC server I have set up and the agent.

The configuration:

- Server: Debian Wheezy - standard installation from github with option: server
- Client: Windows XP - Simple Agent from Github

All of this runs on VMWare Workstation - I tried it both with NAT and Host-to-host routing. There is no firewall installed either on a VM or in between them.

I can see the UDP packets coming FROM the Windows Agent TO the Debian server.

In the Windows Agent, however, I get the 4101 error as described here: http://ossec-docs.readthedocs.org/en/latest/faq/unexpected.html#the-communication-between-my-agent-and-the-server-is-not-working-what-to-do

- The keys have been transferred correctly.
- It is a fresh Debian setup with just the essentials being installed.
- I have also explicitly set the local_ip and port options in the <remote> configuration in /var/ossec/etc/ossec.conf
- IPs + Subnet range is whitelisted
- The Client has been restarted and run under System / User rights
- The server, the ossec server and the networking have been restarted several times between configuration changes.

The ossec server logs and the WUI show events such as: tcpdump has been started, root has logged in, etc. But they do not show the Windows agent.

What could be the problem?

Any help is highly appreciated!

Best
R
