For what it’s worth, I’ve seen the same thing happen on our Windows agents... tried debugging it for weeks & couldn’t figure anything out so I just gave up. It seemed to be intermittent when I dug into it before.

--
Hal Manuel
Sr. Director, Content & Technical Operations
Cengage Learning | Questia | Highbeam Research

From: [email protected] [mailto:[email protected]] On Behalf Of Santiago Bassett
Sent: Thursday, March 24, 2016 4:51 PM
To: [email protected]
Subject: Re: [ossec-list] Re: Ossec-agent: More than 600 seconds without server response...sending win32info

Could it be a network issue? I would try running tcpdump both on the agent and on the manager. It looks like manager responses are not getting to the agents somehow.

On Thu, Mar 24, 2016 at 1:17 PM, Ben <[email protected]> wrote:

Hi,

I got the same issue here, exact same problem with 2.8.3 version. Any Help? Thanks.

On Friday, September 19, 2014 at 7:46:02 AM UTC-4, Chard wrote:

Hi All,

Ameya did you ever get a solution to this? As I have the same problem as this, but I have firewalls with UDP port 1514 open and the server isn't showing any signs of being overloaded. My agents can send log files to the ossec server and the server can send its shared configuration files to each ossec agents. Which would mean that the connection between server and client is fine? Yet I still get the error message "Ossec-agent: More than 600 seconds without server response...sending win32info" on the client side. Just wondering does the ossec server use a different port for some responses dealing with 'win32info'?

On Thursday, August 14, 2014 2:27:01 PM UTC+1, dan (ddpbsd) wrote:

On Thu, Aug 14, 2014 at 4:31 AM, Ameya Bhatkal <[email protected]> wrote:
> Hi Dan,
>
> The agents are connected. I don't think that the Server is overloaded since
> only 2 workstations are being monitored!
>

Did you check or just guess? Is there anything in the manager's ossec.log?

>
> On Monday, August 11, 2014 7:33:44 AM UTC+5:30, Ameya Bhatkal wrote:
>>
>> Hi Everyone,
>>
>> I am running Ossec HIDS 2.8 on Server mode on Ubuntu 14.04
>>
>> I have installed around 5-6 Ossec client agents with active response
>> disabled on Windows 7 machines.
>>
>> My problem is that my ossec.log file which is present in the Ossec client
>> machine is filled with the following error messages:
>>
>> "Ossec-agent: More than 600 seconds without server response...sending
>> win32info"
>>
>> There is no firewall present between the Server and the agents. Every 3rd
>> or 4th line of the ossec.log file contains the above error.
>>
>> Could anyone help me out with this issue?
>
> --
>
> ---
> You received this message because you are subscribed to the Google Groups
> "ossec-list" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to [email protected].
> For more options, visit https://groups.google.com/d/optout.
