I'm having a super hard time working to get some agents back connected to my OSSEC server. I'm not really sure where to start so I'll show you what I've got so far:
All of the hosts shown when I run ossec_control -l show Disconnected or Never Connected. However, I'm able to restart agents using the ossec_control -R <id> command AND my logs on my agents show that they're connected to my server. Why won't they show as connected? I've tried removing agents and re-adding them. Restarting services on both server and guest doesn't help and doesn't show any errors. Debug mode doesn't give me anything good either. What am I missing? Requisite details: $ uname -ar; cat /etc/*release Linux 3.13.0-29-generic #53-Ubuntu SMP Wed Jun 4 21:00:20 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux DISTRIB_ID=Ubuntu DISTRIB_RELEASE=14.04 DISTRIB_CODENAME=trusty DISTRIB_DESCRIPTION="Ubuntu 14.04.1 LTS" NAME="Ubuntu" VERSION="14.04.1 LTS, Trusty Tahr" ID=ubuntu ID_LIKE=debian PRETTY_NAME="Ubuntu 14.04.1 LTS" VERSION_ID="14.04" HOME_URL="http://www.ubuntu.com/"; SUPPORT_URL="http://help.ubuntu.com/"; BUG_REPORT_URL="http://bugs.launchpad.net/ubuntu/"; $ sudo /var/ossec/bin/ossec-logtest -V OSSEC HIDS v2.8 - Trend Micro Inc. This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License (version 2) as published by the Free Software Foundation. For more details, go to http://www.ossec.net/main/license/ -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
