I upgraded the OSSEC server from 2.8 to 2.8.2 and all my Windows agents cannot connect to the server. Only the ossec-server agent is able to connect.
2015/08/31 10:06:33 ossec-agent: INFO: Trying to connect to server (100.0.1.3:1514).
2015/08/31 10:06:33 ossec-agent: INFO: Using IPv4 for: 100.0.1.3 .
2015/08/31 10:06:54 ossec-agent(4101): WARN: Waiting for server reply (not started). Tried: '100.0.1.3'.
2015/08/31 10:10:32 ossec-agent: INFO: Trying to connect to server (100.0.1.3:1514).
2015/08/31 10:10:32 ossec-agent: INFO: Using IPv4 for: 100.0.1.3 .
2015/08/31 10:10:53 ossec-agent(4101): WARN: Waiting for server reply (not started). Tried: '100.0.1.3'.
2015/08/31 10:14:49 ossec-agent: INFO: Trying to connect to server (100.0.1.3:1514).
2015/08/31 10:14:49 ossec-agent: INFO: Using IPv4 for: 100.0.1.3 .
2015/08/31 10:15:10 ossec-agent(4101): WARN: Waiting for server reply (not started). Tried: '100.0.1.3'.
2015/08/31 10:19:24 ossec-agent: INFO: Trying to connect to server (100.0.1.3:1514).
2015/08/31 10:19:24 ossec-agent: INFO: Using IPv4 for: 100.0.1.3 .
2015/08/31 10:19:45 ossec-agent(4101): WARN: Waiting for server reply (not started). Tried: '100.0.1.3'.

Ossec.log
2015/08/31 11:18:32 ossec-testrule: INFO: Reading local decoder file.
2015/08/31 11:18:32 ossec-testrule: INFO: Started (pid: 2388).
2015/08/31 11:18:33 ossec-execd: INFO: Started (pid: 2419).
2015/08/31 11:18:33 ossec-analysisd: INFO: Reading local decoder file.
2015/08/31 11:18:33 ossec-analysisd: INFO: Reading rules file: 'rules_config.xml'
2015/08/31 11:18:33 ossec-analysisd: INFO: Reading rules file: 'pam_rules.xml'
2015/08/31 11:18:33 ossec-analysisd: INFO: Reading rules file: 'sshd_rules.xml'
2015/08/31 11:18:33 ossec-analysisd: INFO: Reading rules file: 'telnetd_rules.xml'
2015/08/31 11:18:33 ossec-analysisd: INFO: Reading rules file: 'syslog_rules.xml'
2015/08/31 11:18:33 ossec-analysisd: INFO: Reading rules file: 'arpwatch_rules.xml'
2015/08/31 11:18:33 ossec-analysisd: INFO: Reading rules file: 'symantec-av_rules.xml'
2015/08/31 11:18:33 ossec-analysisd: INFO: Reading rules file: 'symantec-ws_rules.xml'
2015/08/31 11:18:33 ossec-analysisd: INFO: Reading rules file: 'pix_rules.xml'
2015/08/31 11:18:33 ossec-analysisd: INFO: Reading rules file: 'named_rules.xml'
2015/08/31 11:18:33 ossec-analysisd: INFO: Reading rules file: 'smbd_rules.xml'
2015/08/31 11:18:33 ossec-analysisd: INFO: Reading rules file: 'vsftpd_rules.xml'
2015/08/31 11:18:33 ossec-analysisd: INFO: Reading rules file: 'pure-ftpd_rules.xml'
2015/08/31 11:18:33 ossec-analysisd: INFO: Reading rules file: 'proftpd_rules.xml'
2015/08/31 11:18:33 ossec-analysisd: INFO: Reading rules file: 'ms_ftpd_rules.xml'
2015/08/31 11:18:33 ossec-analysisd: INFO: Reading rules file: 'ftpd_rules.xml'
2015/08/31 11:18:33 ossec-analysisd: INFO: Reading rules file: 'hordeimp_rules.xml'
2015/08/31 11:18:33 ossec-analysisd: INFO: Reading rules file: 'roundcube_rules.xml'
2015/08/31 11:18:33 ossec-analysisd: INFO: Reading rules file: 'wordpress_rules.xml'
2015/08/31 11:18:33 ossec-analysisd: INFO: Reading rules file: 'cimserver_rules.xml'
2015/08/31 11:18:33 ossec-analysisd: INFO: Reading rules file: 'vpopmail_rules.xml'
2015/08/31 11:18:33 ossec-analysisd: INFO: Reading rules file: 'vmpop3d_rules.xml'
2015/08/31 11:18:33 ossec-analysisd: INFO: Reading rules file: 'courier_rules.xml'
2015/08/31 11:18:33 ossec-analysisd: INFO: Reading rules file: 'web_rules.xml'
2015/08/31 11:18:33 ossec-analysisd: INFO: Reading rules file: 'web_appsec_rules.xml'
2015/08/31 11:18:33 ossec-analysisd: INFO: Reading rules file: 'apache_rules.xml'
2015/08/31 11:18:33 ossec-analysisd: INFO: Reading rules file: 'nginx_rules.xml'
2015/08/31 11:18:33 ossec-analysisd: INFO: Reading rules file: 'php_rules.xml'
2015/08/31 11:18:33 ossec-analysisd: INFO: Reading rules file: 'mysql_rules.xml'
2015/08/31 11:18:33 ossec-analysisd: INFO: Reading rules file: 'postgresql_rules.xml'
2015/08/31 11:18:33 ossec-analysisd: INFO: Reading rules file: 'ids_rules.xml'
2015/08/31 11:18:33 ossec-analysisd: INFO: Reading rules file: 'squid_rules.xml'
2015/08/31 11:18:33 ossec-analysisd: INFO: Reading rules file: 'firewall_rules.xml'
2015/08/31 11:18:33 ossec-analysisd: INFO: Reading rules file: 'cisco-ios_rules.xml'
2015/08/31 11:18:33 ossec-analysisd: INFO: Reading rules file: 'netscreenfw_rules.xml'
2015/08/31 11:18:33 ossec-analysisd: INFO: Reading rules file: 'sonicwall_rules.xml'
2015/08/31 11:18:33 ossec-analysisd: INFO: Reading rules file: 'postfix_rules.xml'
2015/08/31 11:18:33 ossec-analysisd: INFO: Reading rules file: 'sendmail_rules.xml'
2015/08/31 11:18:33 ossec-remoted: INFO: Started (pid: 2432).
2015/08/31 11:18:33 ossec-analysisd: INFO: Reading rules file: 'imapd_rules.xml'
2015/08/31 11:18:33 ossec-analysisd: INFO: Reading rules file: 'mailscanner_rules.xml'
2015/08/31 11:18:33 ossec-analysisd: INFO: Reading rules file: 'dovecot_rules.xml'
2015/08/31 11:18:33 ossec-analysisd: INFO: Reading rules file: 'ms-exchange_rules.xml'
2015/08/31 11:18:33 ossec-analysisd: INFO: Reading rules file: 'racoon_rules.xml'
2015/08/31 11:18:33 ossec-analysisd: INFO: Reading rules file: 'vpn_concentrator_rules.xml'
2015/08/31 11:18:33 ossec-analysisd: INFO: Reading rules file: 'spamd_rules.xml'
2015/08/31 11:18:33 ossec-analysisd: INFO: Reading rules file: 'msauth_rules.xml'
2015/08/31 11:18:33 ossec-remoted(1501): ERROR: No IP or network allowed in the access list for syslog. No reason for running it. Exiting.
2015/08/31 11:18:33 ossec-analysisd: INFO: Reading rules file: 'mcafee_av_rules.xml'
2015/08/31 11:18:33 ossec-analysisd: INFO: Reading rules file: 'trend-osce_rules.xml'
2015/08/31 11:18:33 ossec-analysisd: INFO: Reading rules file: 'ms-se_rules.xml'
2015/08/31 11:18:33 ossec-analysisd: INFO: Reading rules file: 'zeus_rules.xml'
2015/08/31 11:18:33 ossec-analysisd: INFO: Reading rules file: 'solaris_bsm_rules.xml'
2015/08/31 11:18:33 ossec-analysisd: INFO: Reading rules file: 'vmware_rules.xml'
2015/08/31 11:18:33 ossec-analysisd: INFO: Reading rules file: 'ms_dhcp_rules.xml'
2015/08/31 11:18:33 ossec-analysisd: INFO: Reading rules file: 'asterisk_rules.xml'
2015/08/31 11:18:33 ossec-analysisd: INFO: Reading rules file: 'ossec_rules.xml'
2015/08/31 11:18:33 ossec-analysisd: INFO: Reading rules file: 'attack_rules.xml'
2015/08/31 11:18:33 ossec-analysisd: INFO: Reading rules file: 'openbsd_rules.xml'
2015/08/31 11:18:33 ossec-analysisd: INFO: Reading rules file: 'clam_av_rules.xml'
2015/08/31 11:18:33 ossec-analysisd: INFO: Reading rules file: 'dropbear_rules.xml'
2015/08/31 11:18:33 ossec-analysisd: INFO: Reading rules file: 'local_rules.xml'
2015/08/31 11:18:33 ossec-analysisd: INFO: Total rules enabled: '1313'
2015/08/31 11:18:33 ossec-analysisd: INFO: Ignoring file: '/etc/mtab'
2015/08/31 11:18:33 ossec-analysisd: INFO: Ignoring file: '/etc/mnttab'
2015/08/31 11:18:33 ossec-analysisd: INFO: Ignoring file: '/etc/hosts.deny'
2015/08/31 11:18:33 ossec-analysisd: INFO: Ignoring file: '/etc/mail/statistics'
2015/08/31 11:18:33 ossec-analysisd: INFO: Ignoring file: '/etc/random-seed'
2015/08/31 11:18:33 ossec-analysisd: INFO: Ignoring file: '/etc/adjtime'
2015/08/31 11:18:33 ossec-analysisd: INFO: Ignoring file: '/etc/httpd/logs'
2015/08/31 11:18:33 ossec-analysisd: INFO: Ignoring file: '/etc/utmpx'
2015/08/31 11:18:33 ossec-analysisd: INFO: Ignoring file: '/etc/wtmpx'
2015/08/31 11:18:33 ossec-analysisd: INFO: Ignoring file: '/etc/cups/certs'
2015/08/31 11:18:33 ossec-analysisd: INFO: Ignoring file: '/etc/dumpdates'
2015/08/31 11:18:33 ossec-analysisd: INFO: Ignoring file: '/etc/svc/volatile'
2015/08/31 11:18:33 ossec-analysisd: INFO: Ignoring file: 'C:\WINDOWS/System32/LogFiles'
2015/08/31 11:18:33 ossec-analysisd: INFO: Ignoring file: 'C:\WINDOWS/Debug'
2015/08/31 11:18:33 ossec-analysisd: INFO: Ignoring file: 'C:\WINDOWS/WindowsUpdate.log'
2015/08/31 11:18:33 ossec-analysisd: INFO: Ignoring file: 'C:\WINDOWS/iis6.log'
2015/08/31 11:18:33 ossec-analysisd: INFO: Ignoring file: 'C:\WINDOWS/system32/wbem/Logs'
2015/08/31 11:18:33 ossec-analysisd: INFO: Ignoring file: 'C:\WINDOWS/system32/wbem/Repository'
2015/08/31 11:18:33 ossec-analysisd: INFO: Ignoring file: 'C:\WINDOWS/Prefetch'
2015/08/31 11:18:33 ossec-analysisd: INFO: Ignoring file: 'C:\WINDOWS/PCHEALTH/HELPCTR/DataColl'
2015/08/31 11:18:33 ossec-analysisd: INFO: Ignoring file: 'C:\WINDOWS/SoftwareDistribution'
2015/08/31 11:18:33 ossec-analysisd: INFO: Ignoring file: 'C:\WINDOWS/Temp'
2015/08/31 11:18:33 ossec-analysisd: INFO: Ignoring file: 'C:\WINDOWS/system32/config'
2015/08/31 11:18:33 ossec-analysisd: INFO: Ignoring file: 'C:\WINDOWS/system32/spool'
2015/08/31 11:18:33 ossec-analysisd: INFO: Ignoring file: 'C:\WINDOWS/system32/CatRoot'
2015/08/31 11:18:33 ossec-analysisd: INFO: White listing IP: '127.0.0.1'
2015/08/31 11:18:33 ossec-analysisd: INFO: White listing IP: '10.52.36.10'
2015/08/31 11:18:33 ossec-analysisd: INFO: White listing IP: '10.52.36.11'
2015/08/31 11:18:33 ossec-analysisd: INFO: White listing IP: '10.30.48.20'
2015/08/31 11:18:33 ossec-analysisd: INFO: 4 IPs in the white list for active response.
2015/08/31 11:18:33 ossec-analysisd: INFO: White listing Hostname: 'localhost.localdomain'
2015/08/31 11:18:33 ossec-analysisd: INFO: 1 Hostname(s) in the white list for active response.
2015/08/31 11:18:33 ossec-analysisd: INFO: Started (pid: 2423).
2015/08/31 11:18:34 ossec-monitord: INFO: Started (pid: 2443).
2015/08/31 11:18:36 ossec-testrule: INFO: Reading local decoder file.
2015/08/31 11:18:36 ossec-testrule: INFO: Started (pid: 2458).
2015/08/31 11:18:36 ossec-remoted: INFO: Started (pid: 2510).
2015/08/31 11:18:36 ossec-remoted(1501): ERROR: No IP or network allowed in the access list for syslog. No reason for running it. Exiting.
2015/08/31 11:18:38 ossec-syscheckd: INFO: Started (pid: 2439).
2015/08/31 11:18:38 ossec-rootcheck: INFO: Started (pid: 2439).
2015/08/31 11:18:38 ossec-syscheckd: INFO: Monitoring directory: '/etc'.
2015/08/31 11:18:38 ossec-syscheckd: INFO: Monitoring directory: '/usr/bin'.
2015/08/31 11:18:38 ossec-syscheckd: INFO: Monitoring directory: '/usr/sbin'.
2015/08/31 11:18:38 ossec-syscheckd: INFO: Monitoring directory: '/bin'.
2015/08/31 11:18:38 ossec-syscheckd: INFO: Monitoring directory: '/sbin'.
2015/08/31 11:18:39 ossec-logcollector(1950): INFO: Analyzing file: '/var/log/messages'.
2015/08/31 11:18:39 ossec-logcollector(1950): INFO: Analyzing file: '/var/log/secure'.
2015/08/31 11:18:39 ossec-logcollector(1950): INFO: Analyzing file: '/var/log/maillog'.
2015/08/31 11:18:39 ossec-logcollector: INFO: Monitoring output of command(360): df -h
2015/08/31 11:18:39 ossec-logcollector: INFO: Monitoring full output of command(360): netstat -tan |grep LISTEN |grep -v 127.0.0.1 | sort
2015/08/31 11:18:39 ossec-logcollector: INFO: Monitoring full output of command(360): last -n 5
2015/08/31 11:18:39 ossec-logcollector: INFO: Started (pid: 2428).
2015/08/31 11:18:39 ossec-analysisd(1210): ERROR: Queue '/queue/alerts/ar' not accessible: 'Connection refused'.
2015/08/31 11:18:39 ossec-analysisd(1301): ERROR: Unable to connect to active response queue.
2015/08/31 11:18:39 ossec-analysisd: INFO: Connected to '/queue/alerts/execq' (exec queue)
2015/08/31 11:18:40 ossec-syscheckd: INFO: Started (pid: 2520).
2015/08/31 11:18:40 ossec-rootcheck: INFO: Started (pid: 2520).
2015/08/31 11:18:40 ossec-syscheckd: INFO: Monitoring directory: '/etc'.
2015/08/31 11:18:40 ossec-syscheckd: INFO: Monitoring directory: '/usr/bin'.
2015/08/31 11:18:40 ossec-syscheckd: INFO: Monitoring directory: '/usr/sbin'.
2015/08/31 11:18:40 ossec-syscheckd: INFO: Monitoring directory: '/bin'.
2015/08/31 11:18:40 ossec-syscheckd: INFO: Monitoring directory: '/sbin'.
2015/08/31 11:19:40 ossec-syscheckd: INFO: Starting syscheck scan (forwarding database).
2015/08/31 11:19:40 ossec-syscheckd: INFO: Starting syscheck database (pre-scan).
2015/08/31 11:19:42 ossec-syscheckd: INFO: Starting syscheck scan (forwarding database).
2015/08/31 11:19:42 ossec-syscheckd: INFO: Starting syscheck database (pre-scan).
