On Wed, Nov 5, 2014 at 9:20 AM, dan (ddp) <[email protected]> wrote: > On Wed, Nov 5, 2014 at 2:06 AM, Alexander Hartner <[email protected]> > wrote: >> I am trying to install my server from source and want to use the >> pre-packaged client on the agent system. Both the server and the clients are >> running CentOS 6. >> >> So far I installed the server successfully other than remoted doesn't start >> until an agent is registered. >> >> To register the agents with the server I use the following command: >> >> /var/ossec/bin/agent-auth -m 192.168.0.78 -p 1515 -A ossec-client >> >> Once registered I can see the agent on the server: >> >> [root@centos bin]# ./agent_control -l >> >> OSSEC HIDS agent_control. List of available agents: >> ID: 000, Name: ossec.server (server), IP: 127.0.0.1, Active/Local >> ID: 1024, Name: ossec-client, IP: any, Never connected >> >> However I am not able to get the agent to connect. When using the RPM based >> installation of the server the clients connect successfully. >> >> On the client side the logs reports the following messages: >> >> 2014/11/05 15:00:39 ossec-agentd: INFO: Using IPv4 for: 192.168.0.78 . >> 2014/11/05 15:00:40 ossec-agentd(1403): ERROR: Incorrectly formated message >> from 'any'. >> 2014/11/05 15:00:40 ossec-agentd(1214): WARN: Problem receiving message from >> 192.168.0.78. >> 2014/11/05 15:00:49 ossec-agentd(1403): ERROR: Incorrectly formated message >> from 'any'. >> 2014/11/05 15:00:49 ossec-agentd(1214): WARN: Problem receiving message from >> 192.168.0.78. >> 2014/11/05 15:00:54 ossec-agentd(1403): ERROR: Incorrectly formated message >> from 'any'. >> 2014/11/05 15:00:54 ossec-agentd(1214): WARN: Problem receiving message from >> 192.168.0.78. >> 2014/11/05 15:01:00 ossec-agentd(1403): ERROR: Incorrectly formated message >> from 'any'. >> 2014/11/05 15:01:00 ossec-agentd(1214): WARN: Problem receiving message from >> 192.168.0.78. >> 2014/11/05 15:01:00 ossec-agentd(4101): WARN: Waiting for server reply (not >> started). Tried: '192.168.0.78'. >> > > Try editing the client.keys file to change "any" to the specific IP > address of the agent. Restart the manager's OSSEC processes and check > back. >
Before you do that actually, make sure you restart the OSSEC processes on the manager after adding the first agent. I just tested with the latest source and everything seems to be working fine. >> >> The reason I am building the server from source is to increase the number of >> agents. During the build process I set the max number of agents to 4096. >> >> [root@localhost src]# make setmaxagents >> Specify maximum number of agents: 4096 >> Maximum number of agents set to 4096 >> >> >> >> >> >> >> Any suggestion on how I can debug the cause of the communication break down >> between the server and client further. >> >> Thanks in advance >> >> -- >> >> --- >> You received this message because you are subscribed to the Google Groups >> "ossec-list" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected]. >> For more options, visit https://groups.google.com/d/optout. -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
