Hi, I am not familiar with *cis-ubuntu-ansible* but you can try to debug OSSEC log to inspect what exactly is blocking the contact.
Open internal_options.conf and set: remoted.debug=2 syscheck.debug=2 analysisd.debug=2 logcollector.debug=2 # Unix agentd agent.debug=2 Restart and review what is happening. You can try a standard telnet remoteserver 1514 to see if your host can really send messages using 1514 UDP. By the way, as Jesus says, if you need CIS tagging on OSSEC rootchecks use that rootchecks. On Friday, February 26, 2016 at 8:06:56 AM UTC+1, Barry Kaplan wrote: > > I am trying to harden up our instances, but I find that after applying > these controls the agent can longer contact the agent via UDP. > > I'm still trying to figure out exactly which bit is to blame. Has anybody > else used the CIS controls on the same instance as OSSEC? > -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
