[ossec-list] Windows client communication issue

["Ry Mills" <rmills@xxxxxxxxxxxxxx>]

I have 2 Windows XP PC’s and 1 W2K server setup with the Windows client. The first PC I setup works fine. I then setup the W2K Server and the other XP server and get the Waiting for server reply response.. All of these systems are on our LAN which doesn’t go through a firewall and firewall is not active on the XP PC’s. Any ideas on what might be causing this? I would add the server log but I don’t know where to search for it within Linux (Ubuntu).

 

 

XP client Log which does not work

 

2007/10/10 14:45:01 ossec-agent: Connecting to server (192.168.2.96:1514).

2007/10/10 14:45:01 ossec-agent: Starting syscheckd thread.

2007/10/10 14:45:01 ossec-rootcheck: Started (pid: 720).

2007/10/10 14:45:01 ossec-agent: Monitoring registry entry: 'HKEY_LOCAL_MACHINE\Software\Classes'.

2007/10/10 14:45:01 ossec-agent: Monitoring registry entry: 'HKEY_LOCAL_MACHINE\Software\Microsoft'.

2007/10/10 14:45:01 ossec-agent: Monitoring registry entry: 'HKEY_LOCAL_MACHINE\Software\Policies'.

2007/10/10 14:45:01 ossec-agent: Monitoring registry entry: 'HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control'.

2007/10/10 14:45:01 ossec-agent: Monitoring registry entry: 'HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services'.

2007/10/10 14:45:01 ossec-agent: Monitoring registry entry: 'HKEY_LOCAL_MACHINE\Security'.

2007/10/10 14:45:01 ossec-agent: Monitoring directory: 'C:\WINDOWS'.

2007/10/10 14:45:01 ossec-agent: Started (pid: 720).

2007/10/10 14:45:16 ossec-agent(4101): Waiting for server reply (not started).

2007/10/10 14:45:32 ossec-agent(4101): Waiting for server reply (not started).

2007/10/10 14:46:03 ossec-agent(4101): Waiting for server reply (not started).

2007/10/10 14:46:49 ossec-agent(4101): Waiting for server reply (not started).

2007/10/10 14:47:50 ossec-agent(4101): Waiting for server reply (not started).

2007/10/10 14:49:06 ossec-agent(4101): Waiting for server reply (not started).

2007/10/10 14:50:37 ossec-agent(4101): Waiting for server reply (not started).

2007/10/10 14:52:23 ossec-agent(4101): Waiting for server reply (not started).

2007/10/10 14:54:24 ossec-agent(4101): Waiting for server reply (not started).

2007/10/10 14:56:40 ossec-agent(4101): Waiting for server reply (not started).

2007/10/10 14:59:11 ossec-agent(4101): Waiting for server reply (not started).

2007/10/10 15:01:57 ossec-agent(4101): Waiting for server reply (not started).

2007/10/10 15:04:58 ossec-agent(4101): Waiting for server reply (not started).

2007/10/10 15:08:14 ossec-agent(4101): Waiting for server reply (not started).

2007/10/10 15:11:45 ossec-agent(4101): Waiting for server reply (not started).

2007/10/10 15:12:58 ossec-agent: Server unavailable. Setting lock.

 

 

 

XP client log which does work

 

2007/10/05 14:24:24 ossec-agent: Connecting to server (192.168.2.96:1514).

2007/10/05 14:24:24 ossec-agent: Starting syscheckd thread.

2007/10/05 14:24:24 ossec-rootcheck: Started (pid: 792).

2007/10/05 14:24:24 ossec-agent: Monitoring registry entry: 'HKEY_LOCAL_MACHINE\Software\Classes'.

2007/10/05 14:24:24 ossec-agent: Monitoring registry entry: 'HKEY_LOCAL_MACHINE\Software\Microsoft'.

2007/10/05 14:24:24 ossec-agent: Monitoring registry entry: 'HKEY_LOCAL_MACHINE\Software\Policies'.

2007/10/05 14:24:24 ossec-agent: Monitoring registry entry: 'HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control'.

2007/10/05 14:24:24 ossec-agent: Monitoring registry entry: 'HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services'.

2007/10/05 14:24:24 ossec-agent: Monitoring registry entry: 'HKEY_LOCAL_MACHINE\Security'.

2007/10/05 14:24:24 ossec-agent: Monitoring directory: 'C:\WINDOWS'.

2007/10/05 14:24:24 ossec-agent: Started (pid: 792).

2007/10/05 14:24:25 ossec-agent(4102): Connected to the server.

2007/10/05 14:24:26 ossec-agent(1951): Analyzing event log: 'Application'.

2007/10/05 14:24:29 ossec-agent(1123): Unable to delete file: 'shared/ar.conf'.

2007/10/05 14:24:31 ossec-agent(1951): Analyzing event log: 'Security'.

2007/10/05 14:24:33 ossec-agent(1951): Analyzing event log: 'System'.

2007/10/05 14:24:36 ossec-agent(1952): Monitoring variable log file: 'C:\WINDOWS\System32\LogFiles\W3SVC1\ex071005.log'.

2007/10/05 14:24:36 ossec-agent(1103): Unable to open file 'C:\WINDOWS\System32\LogFiles\W3SVC1\ex071005.log'.

2007/10/05 14:24:36 ossec-agent(1950): Analyzing file: 'C:\WINDOWS\System32\LogFiles\W3SVC1\ex071005.log'.

2007/10/05 14:24:36 ossec-agent: Started (pid: 792).