The agent (being the ossec software itself) does not... but a tcdump watching UDP sees the packets arriving at the agent. I also tried turning off iptables altogether to the same results.
On Wednesday, October 26, 2016 at 1:27:05 PM UTC+2, dan (ddpbsd) wrote: > > On Wed, Oct 26, 2016 at 5:59 AM, Topper Bowers > <[email protected] <javascript:>> wrote: > > Hello all, > > > > I'm using ossec 2.8.3 from wazzuh and I can't seem to get the agents to > talk > > to the host. It is exactly as described here: > > https://botbot.me/freenode/ossec/2016-07-21/?msg=70001778&page=1. > > > > I've also put both the agent and the master into debug mode. I've also > run > > tcpdump on both the agent and the master... I see traffic flowing from > the > > agent to the master and I see the master responding to the agent... but > the > > agent just consistently says: > > > > Does the agent see the replies from the server? > > > 2016/10/26 09:56:24 ossec-agentd: INFO: Trying to connect to server > > (X.X.X.X:4214). > > > > 2016/10/26 09:56:24 ossec-agentd: INFO: Using IPv4 for: X.X.X.X . > > > > 2016/10/26 09:56:45 ossec-agentd(1234): WARN: Waiting for server reply > (not > > started). Tried: 'X.X.X.X'. > > > > > > (I removed IP address) > > > > -- > > > > --- > > You received this message because you are subscribed to the Google > Groups > > "ossec-list" group. > > To unsubscribe from this group and stop receiving emails from it, send > an > > email to [email protected] <javascript:>. > > For more options, visit https://groups.google.com/d/optout. > -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
