I have about 20 OSSEC agents connected to my OSSEC server without issue. There are approximately 6 however that cannot connect. I'm using a non-default port of 1520. Note: All IPs replaced here for OPSEC.
Logs: - Agent: - 2016/01/04 11:12:23 ossec-agentd: INFO: Using IPv4 for: SERVER_IP . 2016/01/04 11:12:44 ossec-agentd(4101): WARN: Waiting for server reply (not started). Tried: 'SERVER_IP'. - Server: - Nothing outside the standard output, even with debug enabled What I've done so far: - Added rules into iptables to allow communication on both agent/sever - TCPdump confirming on agent that it is sending packet - TCPdump confirming on server that it is receiving agent packet - Netcat on both server/agent: - netcat -uv SERVER_IP 1520 Connection to SERVER_IP 1520 port [udp/*] succeeded! - netcat -uv AGENT_IP1520 Connection to AGENT_IP 1520 port [udp/*] succeeded! ossec.conf: - <ossec_config> <client> <server-ip>SERVER_IP</server-ip> <port>1520</port> </client> <remote> <connection>secure</connection> <protocol>tcp</protocol> <port>1520</port> </remote> -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.