On Wed, Nov 5, 2014 at 2:06 AM, Alexander Hartner <[email protected]> wrote: > I am trying to install my server from source and want to use the > pre-packaged client on the agent system. Both the server and the clients are > running CentOS 6. > > So far I installed the server successfully other than remoted doesn't start > until an agent is registered. > > To register the agents with the server I use the following command: > > /var/ossec/bin/agent-auth -m 192.168.0.78 -p 1515 -A ossec-client > > Once registered I can see the agent on the server: > > [root@centos bin]# ./agent_control -l > > OSSEC HIDS agent_control. List of available agents: > ID: 000, Name: ossec.server (server), IP: 127.0.0.1, Active/Local > ID: 1024, Name: ossec-client, IP: any, Never connected > > However I am not able to get the agent to connect. When using the RPM based > installation of the server the clients connect successfully. > > On the client side the logs reports the following messages: > > 2014/11/05 15:00:39 ossec-agentd: INFO: Using IPv4 for: 192.168.0.78 . > 2014/11/05 15:00:40 ossec-agentd(1403): ERROR: Incorrectly formated message > from 'any'. > 2014/11/05 15:00:40 ossec-agentd(1214): WARN: Problem receiving message from > 192.168.0.78. > 2014/11/05 15:00:49 ossec-agentd(1403): ERROR: Incorrectly formated message > from 'any'. > 2014/11/05 15:00:49 ossec-agentd(1214): WARN: Problem receiving message from > 192.168.0.78. > 2014/11/05 15:00:54 ossec-agentd(1403): ERROR: Incorrectly formated message > from 'any'. > 2014/11/05 15:00:54 ossec-agentd(1214): WARN: Problem receiving message from > 192.168.0.78. > 2014/11/05 15:01:00 ossec-agentd(1403): ERROR: Incorrectly formated message > from 'any'. > 2014/11/05 15:01:00 ossec-agentd(1214): WARN: Problem receiving message from > 192.168.0.78. > 2014/11/05 15:01:00 ossec-agentd(4101): WARN: Waiting for server reply (not > started). Tried: '192.168.0.78'. >
Try editing the client.keys file to change "any" to the specific IP address of the agent. Restart the manager's OSSEC processes and check back. > > The reason I am building the server from source is to increase the number of > agents. During the build process I set the max number of agents to 4096. > > [root@localhost src]# make setmaxagents > Specify maximum number of agents: 4096 > Maximum number of agents set to 4096 > > > > > > > Any suggestion on how I can debug the cause of the communication break down > between the server and client further. > > Thanks in advance > > -- > > --- > You received this message because you are subscribed to the Google Groups > "ossec-list" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > For more options, visit https://groups.google.com/d/optout. -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
