Hi! To start with my requirement is to setup 2 ossec servers in HA mode. I am planning to setup a DNS failover mechanism for this. I now need to run the servers and clients over TCP. I changed the port and protocol in servers ossec.conf to 1515/tcp. I changed port to 1515 in client ossec.conf as well. I restarted the ossec service in all the machines. My agent got disconnected from the server and now I am getting following error in client ossec.log:
2016/05/05 05:28:06 ossec-agentd(1218): ERROR: Unable to send message to server. 2016/05/05 05:28:18 ossec-agentd(1218): ERROR: Unable to send message to server. 2016/05/05 05:28:19 ossec-agentd(4101): WARN: Waiting for server reply (not started). Tried: 'x.x.x.1'. 2016/05/05 05:28:19 ossec-agentd: INFO: Trying next server ip in the line: 'y.y.y.2'. 2016/05/05 05:28:20 ossec-agentd: INFO: Closing connection to server (y.y.y.2:1515). 2016/05/05 05:28:20 ossec-agentd: INFO: Trying to connect to server (y.y.y.2:1515). 2016/05/05 05:28:20 ossec-agentd: INFO: Using IPv4 for: y.y.y.2 . PS: My agent is able to telnet to both the servers on port 1515 -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
