[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Ossec-list] agent-server connection not allowed
- Subject: [Ossec-list] agent-server connection not allowed
- From: daniel.cid at gmail.com (Daniel Cid)
- Date: Fri, 26 May 2006 11:38:31 -0300
Hi Alex,
The message you are getting means that OSSEC didn't find this
IP on the client.keys file (the one used for authentication between
server/agent)...
Did you restart OSSEC on the server after running the manage_agents?
Also, make sure that on the server, the /var/ossec/etc/client.keys
file has an entry for that specific ip address: 131.247.100.6 .
Let me know if it works or not :)
thanks,
--
Daniel B. Cid
dcid @ ( at ) ossec.net
On 5/26/06, Alex Campoe <campoe at usf.edu> wrote:
> Probably simple and right under my nose, but ...
>
> Server is running on a Fedora Core 5 box, agent on Solaris 9 box. I used
> the manage_agents per instructions, punched hole on iptable for 1514 and
> 514. One the server log I am getting this:
>
> 2006/05/26 09:55:02 ossec-remoted(1213): Message from 131.247.100.6 not
> allowed. <repeat several times per minute>
>
>
> but the configuration is correct (I think):
>
> ossec.conf snippet
>
> <remote>
> <connection>syslog</connection>
> <allowed-ips>131.247.100.6</allowed-ips>
> </remote>
>
> <remote>
> <connection>secure</connection>
> <allowed-ips>131.247.100.6</allowed-ips>
> </remote>
>
> Any ideas?
>
> Alex
> C
> --
> -- Alex Campoe, CISSP Information Security Manager --
> -- Associate Director, Systems --
> -- Email: campoe at usf.edu Phone: (813) 974-1796 --
> -- Academic Computing University of South Florida --
> -----------------------------------------------------------------------
>
>
> _______________________________________________
> ossec-list mailing list
> ossec-list at ossec.net
> http://mailman.underlinux.com.br/mailman/listinfo/ossec-list
>
>
>
>
OSSEC home |
Main Index |
Thread Index
OSSEC project: www.ossec.net.
Mailling list information: http://www.ossec.net/en/mailing_lists.html.