Also, from agent:

# netstat -panu | grep 1520
udp 0 0 AGENT_IP:43737 SERVER_IP:1520 ESTABLISHED 30669/ossec-agentd

On Monday, January 4, 2016 at 12:25:02 PM UTC-5, Cal wrote:
> I have about 20 OSSEC agents connected to my OSSEC server without issue.
> There are approximately 6 however that cannot connect. I'm using a
> non-default port of 1520. Note: All IPs replaced here for OPSEC.
>
> Logs:
>
> - Agent:
>   - 2016/01/04 11:12:23 ossec-agentd: INFO: Using IPv4 for: SERVER_IP .
>     2016/01/04 11:12:44 ossec-agentd(4101): WARN: Waiting for server reply (not started). Tried: 'SERVER_IP'.
> - Server:
>   - Nothing outside the standard output, even with debug enabled
>
> What I've done so far:
>
> - Added rules into iptables to allow communication on both agent/server
> - TCPdump confirming on agent that it is sending packet
> - TCPdump confirming on server that it is receiving agent packet
> - Netcat on both server/agent:
>   - netcat -uv SERVER_IP 1520
>     Connection to SERVER_IP 1520 port [udp/*] succeeded!
>   - netcat -uv AGENT_IP1520
>     Connection to AGENT_IP 1520 port [udp/*] succeeded!
>
> ossec.conf:
>
> - <ossec_config>
>     <client>
>       <server-ip>SERVER_IP</server-ip>
>       <port>1520</port>
>     </client>
>     <remote>
>       <connection>secure</connection>
>       <protocol>tcp</protocol>
>       <port>1520</port>
>     </remote>
