On Feb 25, 2016 9:27 PM, "James Stallard" <[email protected]> wrote: > > All: > > 1st time on board, and I know this sounds like a rookie question, but...I did have ossec runnig ok in another aws environment, now with upgrade to 2.7-2.8.2 in a new env, am having problems > > I've just installed 2.8.3 agent & server on CentOS 6.7 (market place version, hardened). > Configured keys on both via manage_agent & restarted.
Make sure the IP the manager sees the packets coming from is the IP that was added in manage_agents. > I know i have UDP connectivity since I have tcpdump -v -o eth0 1514 running on server and receive this from client: > tpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes > ip-10-<client>.ec2.internal.51508 > ip-<server>.ec2.internal.fujitsu-dtcns: UDP, length 73 > ... Does the server respond? > These messages correspond with the '''Waiting for server to reply..." messages sent by client" below > > These errors on client: > 016/02/25 21:16:02 ossec-agentd: INFO: Using IPv4 for: 1<server> . > 016/02/25 21:16:12 ossec-agentd(1218): ERROR: Unable to send message to server. > 016/02/25 21:16:24 ossec-agentd(1218): ERROR: Unable to send message to server. > 016/02/25 21:16:25 ossec-agentd(4101): WARN: Waiting for server reply (not started). Tried: '<server>'. > > Nothing in server logs that indicate a message was received. > Turn on debugging and restart the ossec processes on the manager (`/var/ossec/bin/ossec_control enable debug && /var/ossec/bin/ossec_control restart`) > on client, list_clients -a I get > *No agent available. > > And I don't see anything more when turning on debug mode. > > Note sure what else to try. > I have turned off iptables on both client/server to debug this. > > Any ideas would be greatly appreciated. > > jms. > > -- > > --- > You received this message because you are subscribed to the Google Groups "ossec-list" group. > To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. > For more options, visit https://groups.google.com/d/optout. -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
