[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[ossec-list] Re: Agents unable to send messages to Server

To: ossec-list@xxxxxxxxxxxxxxxx
Subject: [ossec-list] Re: Agents unable to send messages to Server
From: Martin Gottlieb <martin@xxxxxxxxxxxx>
Date: Fri, 04 Aug 2006 13:18:49 -0400

Hi Daniel,

Thanks for the reply. I double-checked the agent keys and they are all correct and cleared out the
iptables rule sets on both machines before testing. Still no luck.

Attached are the files and output you requested. (slightly sanitized ). I tried a new install and restarted everything.
This time through, the logs aren't showing any errors at all, so I'm really not sure what to make of it.

Thanks for your help in tracking this down.

Martin
.

Daniel Cid wrote:

Hi Martin,

I had this problem before when I misconfigured the keys for the agents.
Can you make sure that the first agent, really has the right key on it (
that matches his ip address)? Also, make sure that iptables is not
blocking port 1514...

*I don't think that the zlib version is the problem...

*do an ifconfig on the agent and look at /var/ossec/etc/client.keys to make
sure that the IP address is correct in there.

If that does not fix the problem, can you show us the following files:

*for both server and agents:
/var/ossec/etc/ossec.conf
/var/ossec/logs/ossec.log
/var/ossec/etc/client.keys (change the secret key before posting)
ifconfig -a
iptables -vL

Hope it helps..

--
Daniel B. Cid
dcid ( at ) ossec.net

On 8/3/06, Martin Gottlieb <martin@xxxxxxxxxxxx> wrote:

Hello,

I am trying to set up a new install of OSSEC and am having difficulty
getting the agents
to communicate with the server.

All machines have port 1514 open and I have added the agent machines' ip
addresses to
the server config (using <allowed-ips> ) and generated and imported new
authentication keys on
each Agent.

In the server log, I am seeing lots of messages like this:

2006/08/03 13:57:54 ossec-remoted(2202): Error uncompressing string.

Are there any dependencies on the versions of zlib ?

My Server is running Fedora Core release 4 (Stentz), which has zlib version
zlib-1.2.2.2-5.fc4

One Agent is running RH7.3 with zlib 1.1.4-8.7x and another is running RH
ES 3 with zlib 1.1.4-8.1
The first agent is logging errors like:

2006/08/03 13:13:23 ossec-agentd(1218): Unable to send message to server.

while the other agent is not logging any errors at all.

Any ideas ? Sorry if I've omitted any pertinent info, I'll be happy to
provide additional config info if it would be helpful.

Thanks.

Martin

Attachment: ossec.zip
Description: Zip archive

Follow-Ups:
- [ossec-list] Re: Agents unable to send messages to Server
  - From: Daniel Cid

References:
- [ossec-list] Agents unable to send messages to Server
  - From: Martin Gottlieb
- [ossec-list] Re: Agents unable to send messages to Server
  - From: Daniel Cid

Prev by Date: [ossec-list] Problems with OSSEC MySQL Tool
Next by Date: [ossec-list] Re: Problems with OSSEC MySQL Tool
Previous by thread: [ossec-list] Re: Agents unable to send messages to Server
Next by thread: [ossec-list] Re: Agents unable to send messages to Server
Index(es):
- Date
- Thread

OSSEC home | Main Index | Thread Index

OSSEC project: www.ossec.net.
Mailling list information: http://www.ossec.net/en/mailing_lists.html.