Could it be a network issue? I would try running tcpdump both on the agent and on the manager. It looks like manager responses are not getting to the agents somehow.
On Thu, Mar 24, 2016 at 1:17 PM, Ben <[email protected]> wrote: > Hi, > > I got the same issue here, exact same problem with 2.8.3 version. Any > Help? Thanks. > > > On Friday, September 19, 2014 at 7:46:02 AM UTC-4, Chard wrote: >> >> Hi All, >> >> Ameya did you ever get a solution to this? >> >> As I have the same problem as this, but I have firewalls with UDP port >> 1514 open and the server isn't showing any signs of being overloaded. >> >> My agents can send log files to the *ossec server* and the server can >> send its shared configuration files to each *ossec agen*ts. Which would >> mean that the connect between server and client is fine? Yet I still get >> the error message "Ossec-agent: More than 600 seconds without server >> response...sending win32info" on the client side. >> >> Just wondering does the *ossec server* use a different port for some >> responses dealing with 'win32info'? >> >> On Thursday, August 14, 2014 2:27:01 PM UTC+1, dan (ddpbsd) wrote: >> >>> On Thu, Aug 14, 2014 at 4:31 AM, Ameya Bhatkal <[email protected]> >>> wrote: >>> > Hi Dan, >>> > >>> > The agents are connected. I don't think that the Server is overloaded >>> since >>> > only 2 workstations are being monitored! >>> > >>> >>> Did you check or just guess? Is there anything in the manager's >>> ossec.log? >>> >>> >>> > >>> > On Monday, August 11, 2014 7:33:44 AM UTC+5:30, Ameya Bhatkal wrote: >>> >> >>> >> Hi Everyone, >>> >> >>> >> I am running Ossec HIDS 2.8 on Server mode on Ubuntu 14.04 >>> >> >>> >> I have installed around 5-6 Ossec client agents with active response >>> >> disabled on windows 7 machines. >>> >> >>> >> My problem is that my ossec.log file which is present in the Ossec >>> client >>> >> machine is filled with the following error messages: >>> >> >>> >> "Ossec-agent: More than 600 seconds without server response...sending >>> >> win32info" >>> >> >>> >> There is no firewall present between the Server and the agents. Every >>> 3rd >>> >> or 4th line of the ossec.log file contains the above error. >>> >> >>> >> Could anyone help me out with this issue? >>> > >>> > -- >>> > >>> > --- >>> > You received this message because you are subscribed to the Google >>> Groups >>> > "ossec-list" group. >>> > To unsubscribe from this group and stop receiving emails from it, send >>> an >>> > email to [email protected]. >>> > For more options, visit https://groups.google.com/d/optout. >>> >> -- > > --- > You received this message because you are subscribed to the Google Groups > "ossec-list" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > For more options, visit https://groups.google.com/d/optout. > -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
