On Fri, Feb 26, 2016 at 8:38 AM, James Stallard <[email protected]> wrote: > Thanks Dan, > The server doesn't respond, nothing in logs... > I'll try turning on debug mode again. >
Double check the IPs to make sure the ossec manager is seeing the IPs it expects to see (from the agent it expects to be at that IP). Double check to make sure there are no duplicate IP addresses. > -j > > Le jeudi 25 février 2016 21:33:00 UTC-5, dan (ddpbsd) a écrit : >> >> >> On Feb 25, 2016 9:27 PM, "James Stallard" <[email protected]> wrote: >> > >> > All: >> > >> > 1st time on board, and I know this sounds like a rookie question, >> > but...I did have ossec runnig ok in another aws environment, now with >> > upgrade to 2.7-2.8.2 in a new env, am having problems >> > >> > I've just installed 2.8.3 agent & server on CentOS 6.7 (market place >> > version, hardened). >> > Configured keys on both via manage_agent & restarted. >> >> Make sure the IP the manager sees the packets coming from is the IP that >> was added in manage_agents. >> > I know i have UDP connectivity since I have tcpdump -v -o eth0 1514 >> > running on server and receive this from client: >> > tpdump: listening on eth0, link-type EN10MB (Ethernet), capture size >> > 65535 bytes >> > ip-10-<client>.ec2.internal.51508 > >> > ip-<server>.ec2.internal.fujitsu-dtcns: UDP, length 73 >> > ... >> >> Does the server respond? >> >> > These messages correspond with the '''Waiting for server to reply..." >> > messages sent by client" below >> > >> > These errors on client: >> > 016/02/25 21:16:02 ossec-agentd: INFO: Using IPv4 for: 1<server> . >> > 016/02/25 21:16:12 ossec-agentd(1218): ERROR: Unable to send message to >> > server. >> > 016/02/25 21:16:24 ossec-agentd(1218): ERROR: Unable to send message to >> > server. >> > 016/02/25 21:16:25 ossec-agentd(4101): WARN: Waiting for server reply >> > (not started). Tried: '<server>'. >> > >> > Nothing in server logs that indicate a message was received. >> > >> >> Turn on debugging and restart the ossec processes on the manager >> (`/var/ossec/bin/ossec_control enable debug && /var/ossec/bin/ossec_control >> restart`) >> >> > on client, list_clients -a I get >> > *No agent available. >> > >> > And I don't see anything more when turning on debug mode. >> > >> > Note sure what else to try. >> > I have turned off iptables on both client/server to debug this. >> > >> > Any ideas would be greatly appreciated. >> > >> > jms. >> > >> > -- >> > >> > --- >> > You received this message because you are subscribed to the Google >> > Groups "ossec-list" group. >> > To unsubscribe from this group and stop receiving emails from it, send >> > an email to [email protected]. >> > For more options, visit https://groups.google.com/d/optout. > > -- > > --- > You received this message because you are subscribed to the Google Groups > "ossec-list" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > For more options, visit https://groups.google.com/d/optout. -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
