Unable to get agent logs

[Addy Sharma]

Hello Team,

 

We use OSSEC 2.9.1 with the installation of Alienvault and last night for some Reason our Alienvault which is teh OSSEC manager in our setup crashed and we had to reboot it this Morning. And since the reboot we are not getting any logs from the AGENTS. Once we check Under the logs of OSSEC there is an error as followed :

 

 

2019/06/14 12:34:10 ossec-agentd: INFO: Trying to connect to server 172.16.3.2, port 1514.

 

2019/06/14 12:34:10 INFO: Connected to 172.16.3.2 at address 172.16.3.2:1514, port 1514

 

2019/06/14 12:34:31 ossec-agentd(4101): WARN: Waiting for server reply (not started). Tried: '172.16.3.2'.

 

Every 30 seconds.

We tried reinstalling the agent and also restarted the service using :

# /var/ossec/bin/ossec-control restart

 

But Nothing seems to have changed, still same error please help.

 

Thanks,

Addy

[dan (ddp)]

Are the OSSEC processes running on the OSSEC server?
Is there a firewall blocking the communication?
Does the OSSEC server see the requests from the agent? (`tcpdump -nn
port 1514 and udp`)
Is there anything in the OSSEC server's ossec.log?

>
>
> Thanks,
>
> Addy
>
>
> --
>
> ---
> You received this message because you are subscribed to the Google Groups "ossec-list" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+...@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/msgid/ossec-list/1964c4af-90d0-49cc-a40e-5bb7b1dfd891%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.