Hi, Thanks to your tips, I solved that issue. I do appreciate your time.
Many thanks, 2019년 1월 15일 (화) 오전 12:13, dan (ddp) <[email protected]>님이 작성: > > On Fri, Jan 11, 2019 at 9:37 PM nOBEL jUNG <[email protected]> wrote: > > > > Hello, > > > > I got the same problem in agent AIX7.1 with wazuh-3.6.1 as following; > > You might get better help by asking the Wazuh folks. > Run tcpdump on your OSSEC manager. Make sure the packets from the > OSSEC agent are arriving from the expected IP address (no NAT or > anything in the way). > Check for packets being sent to the agent from the OSSEC manager. > Run the OSSEC manager in debug mode (`/var/ossec/bin/ossec-control > enable debug && /var/ossec/bin/ossec-control restart`) and look for > errors in the ossec.log. > > > ..........ossec.log ................. > > 2019/01/12 11:03:03 ossec-agentd: INFO: Trying to connect to server > > (192.168.0.98:1514/udp). > > 2019/01/12 11:03:24 ossec-agentd: WARNING: (4101): Waiting for server reply > > (not started). Tried: '192.168.0.98' > > > > ------ checking port------------ > > bash-3.2# netstat -Aan|grep 1514 > > f1000e0000086e00 udp4 0 0 192.168.0.35.32956 > > 192.168.0.72.1514 > > bash-3.2# netstat -Aan|grep ossec-agentd > > bash-3.2# > > > > -----checking port config------------ > > #vi /etc/services > > .......... > > fujitsu-dtcns 1514/tcp # Fujitsu Systems Business of > > America, Inc > > fujitsu-dtcns 1514/udp # Fujitsu Systems Business of > > America, Inc > > ............ > > > > Many thanks, > > > > n.j > > > > > > 2012년 9월 4일 화요일 오전 10시 44분 46초 UTC+9, Thomas Bartos 님의 말: > >> > >> > >> Check your Firewall and make sure UDP protocol is open on port 1514 > >> -tom > >> > >> > >> > >> On Sep 3, 2012, at 6:07 PM, Joe Gedeon <[email protected]> wrote: > >> > >> Looks like you have the wrong OSSEC key on the OSSEC Client. > >> > >> On Fri, Aug 31, 2012 at 5:21 PM, dkoleary <[email protected]> > >> wrote: > >> > >> Hey; > >> > >> I'm suspecting a firewall issue, but there's an odd twist. We installed > >> the > >> ossec agent on an aix 5.3 box; but, it's not able to connect to the ossec > >> server. On the client, we're getting the typical: > >> > >> 2012/08/31 16:01:21 ossec-agentd(4101): WARN: Waiting for server reply (not > >> started). Tried: '111.22.33.444'. > >> 2012/08/31 16:01:23 ossec-agentd: INFO: Trying to connect to server > >> (111.22.33.444:1514). > >> 2012/08/31 16:01:23 ossec-agentd: INFO: Using IPv4 for: 111.22.33.444 . > >> > >> We verified that the client.keys file has the right information in it, > >> restarted the service looking for any errors and nothing. Screen output > >> was > >> clean; ossec.log file is clean. > >> > >> The twist, though, is that the ossec server is clocking errors: > >> > >> ossec-remoted(1403): ERROR: Incorrectly formated message from > >> '111.77.88.99' > >> > >> I asked the client to verify the firewall port 1514 is open stateful to the > >> server; however, I'm not sure that's it. If the firewall were blocking the > >> traffic, I wouldn't expect to see anything on the server... should I be > >> looking somewhere else? > >> > >> Any hints/tips/suggestions greatly appreciated. > >> > >> Doug O'Leary > >> > >> > >> > >> > >> -- > >> Registered Linux User # 379282 > >> > >> > > -- > > > > --- > > You received this message because you are subscribed to the Google Groups > > "ossec-list" group. > > To unsubscribe from this group and stop receiving emails from it, send an > > email to [email protected]. > > For more options, visit https://groups.google.com/d/optout. > > -- > > --- > You received this message because you are subscribed to a topic in the Google > Groups "ossec-list" group. > To unsubscribe from this topic, visit > https://groups.google.com/d/topic/ossec-list/e9cbb9KoalU/unsubscribe. > To unsubscribe from this group and all its topics, send an email to > [email protected]. > For more options, visit https://groups.google.com/d/optout. -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
