I am trying to install my server from source and want to use the pre-packaged client on the agent system. Both the server and the clients are running CentOS 6.
So far I installed the server successfully other than remoted doesn't start until an agent is registered. To register the agents with the server I use the following command: /var/ossec/bin/agent-auth -m 192.168.0.78 -p 1515 -A ossec-client Once registered I can see the agent on the server: [root@centos bin]# ./agent_control -l OSSEC HIDS agent_control. List of available agents: ID: 000, Name: ossec.server (server), IP: 127.0.0.1, Active/Local ID: 1024, Name: ossec-client, IP: any, Never connected However I am not able to get the agent to connect. When using the RPM based installation of the server the clients connect successfully. On the client side the logs reports the following messages: 2014/11/05 15:00:39 ossec-agentd: INFO: Using IPv4 for: 192.168.0.78 . 2014/11/05 15:00:40 ossec-agentd(1403): ERROR: Incorrectly formated message from 'any'. 2014/11/05 15:00:40 ossec-agentd(1214): WARN: Problem receiving message from 192.168.0.78. 2014/11/05 15:00:49 ossec-agentd(1403): ERROR: Incorrectly formated message from 'any'. 2014/11/05 15:00:49 ossec-agentd(1214): WARN: Problem receiving message from 192.168.0.78. 2014/11/05 15:00:54 ossec-agentd(1403): ERROR: Incorrectly formated message from 'any'. 2014/11/05 15:00:54 ossec-agentd(1214): WARN: Problem receiving message from 192.168.0.78. 2014/11/05 15:01:00 ossec-agentd(1403): ERROR: Incorrectly formated message from 'any'. 2014/11/05 15:01:00 ossec-agentd(1214): WARN: Problem receiving message from 192.168.0.78. 2014/11/05 15:01:00 ossec-agentd(4101): WARN: Waiting for server reply (not started). Tried: '192.168.0.78'. The reason I am building the server from source is to increase the number of agents. During the build process I set the max number of agents to 4096. [root@localhost src]# make setmaxagents Specify maximum number of agents: 4096 Maximum number of agents set to 4096 Any suggestion on how I can debug the cause of the communication break down between the server and client further. Thanks in advance -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
