On Fri, Jan 11, 2019 at 9:37 PM nOBEL jUNG <[email protected]> wrote: > > Hello, > > I got the same problem in agent AIX7.1 with wazuh-3.6.1 as following;
You might get better help by asking the Wazuh folks. Run tcpdump on your OSSEC manager. Make sure the packets from the OSSEC agent are arriving from the expected IP address (no NAT or anything in the way). Check for packets being sent to the agent from the OSSEC manager. Run the OSSEC manager in debug mode (`/var/ossec/bin/ossec-control enable debug && /var/ossec/bin/ossec-control restart`) and look for errors in the ossec.log. > ..........ossec.log ................. > 2019/01/12 11:03:03 ossec-agentd: INFO: Trying to connect to server > (192.168.0.98:1514/udp). > 2019/01/12 11:03:24 ossec-agentd: WARNING: (4101): Waiting for server reply > (not started). Tried: '192.168.0.98' > > ------ checking port------------ > bash-3.2# netstat -Aan|grep 1514 > f1000e0000086e00 udp4 0 0 192.168.0.35.32956 192.168.0.72.1514 > bash-3.2# netstat -Aan|grep ossec-agentd > bash-3.2# > > -----checking port config------------ > #vi /etc/services > .......... > fujitsu-dtcns 1514/tcp # Fujitsu Systems Business of > America, Inc > fujitsu-dtcns 1514/udp # Fujitsu Systems Business of > America, Inc > ............ > > Many thanks, > > n.j > > > 2012년 9월 4일 화요일 오전 10시 44분 46초 UTC+9, Thomas Bartos 님의 말: >> >> >> Check your Firewall and make sure UDP protocol is open on port 1514 >> -tom >> >> >> >> On Sep 3, 2012, at 6:07 PM, Joe Gedeon <[email protected]> wrote: >> >> Looks like you have the wrong OSSEC key on the OSSEC Client. >> >> On Fri, Aug 31, 2012 at 5:21 PM, dkoleary <[email protected]> >> wrote: >> >> Hey; >> >> I'm suspecting a firewall issue, but there's an odd twist. We installed the >> ossec agent on an aix 5.3 box; but, it's not able to connect to the ossec >> server. On the client, we're getting the typical: >> >> 2012/08/31 16:01:21 ossec-agentd(4101): WARN: Waiting for server reply (not >> started). Tried: '111.22.33.444'. >> 2012/08/31 16:01:23 ossec-agentd: INFO: Trying to connect to server >> (111.22.33.444:1514). >> 2012/08/31 16:01:23 ossec-agentd: INFO: Using IPv4 for: 111.22.33.444 . >> >> We verified that the client.keys file has the right information in it, >> restarted the service looking for any errors and nothing. Screen output was >> clean; ossec.log file is clean. >> >> The twist, though, is that the ossec server is clocking errors: >> >> ossec-remoted(1403): ERROR: Incorrectly formated message from '111.77.88.99' >> >> I asked the client to verify the firewall port 1514 is open stateful to the >> server; however, I'm not sure that's it. If the firewall were blocking the >> traffic, I wouldn't expect to see anything on the server... should I be >> looking somewhere else? >> >> Any hints/tips/suggestions greatly appreciated. >> >> Doug O'Leary >> >> >> >> >> -- >> Registered Linux User # 379282 >> >> > -- > > --- > You received this message because you are subscribed to the Google Groups > "ossec-list" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > For more options, visit https://groups.google.com/d/optout. -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
