[prev in list] [next in list] [prev in thread] [next in thread]
List: ossec-list
Subject: [Ossec-list] agent-server connection not allowed
From: campoe () usf ! edu (Alex Campoe)
Date: 2006-05-26 16:05:03
Message-ID: 4477272F.3000201 () usf ! edu
[Download RAW message or body]
Daniel
Yeah, I restarted both client and server several times. 100.6 is my only
client so far, both client_keys files (server and agent) seem to be the
same, owned by root, group ossec.
Alex
Daniel Cid wrote:
> Hi Alex,
>
> The message you are getting means that OSSEC didn't find this
> IP on the client.keys file (the one used for authentication between
> server/agent)...
> Did you restart OSSEC on the server after running the manage_agents?
> Also, make sure that on the server, the /var/ossec/etc/client.keys
> file has an entry for that specific ip address: 131.247.100.6 .
>
> Let me know if it works or not :)
>
> thanks,
>
> --
> Daniel B. Cid
> dcid @ ( at ) ossec.net
>
>
> On 5/26/06, Alex Campoe <campoe at usf.edu> wrote:
> > Probably simple and right under my nose, but ...
> >
> > Server is running on a Fedora Core 5 box, agent on Solaris 9 box. I used
> > the manage_agents per instructions, punched hole on iptable for 1514 and
> > 514. One the server log I am getting this:
> >
> > 2006/05/26 09:55:02 ossec-remoted(1213): Message from 131.247.100.6 not
> > allowed. <repeat several times per minute>
> >
> >
> > but the configuration is correct (I think):
> >
> > ossec.conf snippet
> >
> > <remote>
> > <connection>syslog</connection>
> > <allowed-ips>131.247.100.6</allowed-ips>
> > </remote>
> >
> > <remote>
> > <connection>secure</connection>
> > <allowed-ips>131.247.100.6</allowed-ips>
> > </remote>
> >
> > Any ideas?
> >
> > Alex
> > C
> > --
> > -- Alex Campoe, CISSP Information Security Manager --
> > -- Associate Director, Systems --
> > -- Email: campoe at usf.edu Phone: (813) 974-1796 --
> > -- Academic Computing University of South Florida --
> > -----------------------------------------------------------------------
> >
> >
> > _______________________________________________
> > ossec-list mailing list
> > ossec-list at ossec.net
> > http://mailman.underlinux.com.br/mailman/listinfo/ossec-list
> >
> >
> >
> >
--
-- Alex Campoe, CISSP Information Security Manager --
-- Associate Director, Systems --
-- Email: campoe at usf.edu Phone: (813) 974-1796 --
-- Academic Computing University of South Florida --
-----------------------------------------------------------------------
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3158 bytes
Desc: S/MIME Cryptographic Signature
Url : http://mailman.underlinux.com.br/pipermail/ossec-list/attachments/20060526/0044675a/attachment-0001.bin \
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic