No I changed this on post.;) This has to be the case .. as each time I see ...WARN: Waiting for server reply... on client tcpdump sends out the ... ip-10-<client>.ec2.internal.51508 > ip-<server>.ec2.internal.fujitsu-dtcns: UDP, length 73 so the server IP on client is correct, yes.
thanks anyway. Le vendredi 26 février 2016 06:09:27 UTC-5, Pedro S a écrit : > > Hi, > > Stupid question, acording to your logs: > > 2016/02/25 21:16:25 ossec-agentd(4101): WARN: Waiting for server reply ( > not started). Tried: '<server>'. > > Is server IP setting on the Agent set correctly? Seems like OSSEC is > reading "<server>" as the remote IP or did you change it on purpose on the > post? > > > Like Dan said, try to debug the messages on the server, you can try to > activate <logall> option on the Manager and check archives/archives.log. > > > On Friday, February 26, 2016 at 3:27:41 AM UTC+1, James Stallard wrote: >> >> All: >> >> 1st time on board, and I know this sounds like a rookie question, but...I >> did have ossec runnig ok in another aws environment, now with upgrade to >> 2.7-2.8.2 in a new env, am having problems >> >> I've just installed 2.8.3 agent & server on CentOS 6.7 (market place >> version, hardened). >> Configured keys on both via manage_agent & restarted. >> I know i have UDP connectivity since I have tcpdump -v -o eth0 1514 >> running on server and receive this from client: >> tpdump: listening on eth0, link-type EN10MB (Ethernet), capture size >> 65535 bytes >> ip-10-<client>.ec2.internal.51508 > >> ip-<server>.ec2.internal.fujitsu-dtcns: UDP, length 73 >> ... >> These messages correspond with the '''Waiting for server to reply..." >> messages sent by client" below >> >> These errors on client: >> 016/02/25 21:16:02 ossec-agentd: INFO: Using IPv4 for: 1<server> . >> 016/02/25 21:16:12 ossec-agentd(1218): ERROR: Unable to send message to >> server. >> 016/02/25 21:16:24 ossec-agentd(1218): ERROR: Unable to send message to >> server. >> 016/02/25 21:16:25 ossec-agentd(4101): WARN: Waiting for server reply >> (not started). Tried: '<server>'. >> >> Nothing in server logs that indicate a message was received. >> >> on client, list_clients -a I get >> *No agent available. >> >> And I don't see anything more when turning on debug mode. >> >> Note sure what else to try. >> I have turned off iptables on both client/server to debug this. >> >> Any ideas would be greatly appreciated. >> >> jms. >> > -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
