Thanks. I am seeing this in the alerts.log for the ones not connecting, I mean they seem to be able to connect in network terms but not the OSSEC server instance process: ossec-remoted(1408): ERROR: Invalid ID for the source ip: 'a.b.c.d'. ossec-remoted(1213): WARN: Message from a.b.c.d not allowed.
Is there something we are not doing to allow these particular agents to connect - a key file etc? On Friday, 17 June 2016 08:49:28 UTC+1, Jesus Linares wrote: > > It should work with port 1514 UDP. First, check if you have connectivity > between agents and manager (ping, telnet, tcpdump...) and review your > network settings (routers, firewall rules, etc). Then, check out the > ossec.log of each agent to see what it is the issue. > > On Thursday, June 16, 2016 at 6:41:10 PM UTC+2, dan (ddpbsd) wrote: >> >> On Thu, Jun 16, 2016 at 12:27 PM, Tahir Hafiz <[email protected]> >> wrote: >> > We have an OSSEC server located in one particular subnet and the >> majority of >> > the agents are located in the same subnet and work fine. >> > However, we have a few OSSEC agents located in a different subnet and >> they >> > are having problems being able to connect to the server. >> > >> > We have opened up port 1514 UDP between subnets for ingress and egress >> > traffic. >> > >> > Is there anything that we should do to allow server and agent >> communication? >> > >> >> Do you see the traffic on the server from the hosts that are having >> issues? >> Do the source IPs match your expectations? >> >> > >> > >> > >> > >> > >> > -- >> > >> > --- >> > You received this message because you are subscribed to the Google >> Groups >> > "ossec-list" group. >> > To unsubscribe from this group and stop receiving emails from it, send >> an >> > email to [email protected]. >> > For more options, visit https://groups.google.com/d/optout. >> > -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
