Ossec Windows Agent trying to connect forever

39 views
Skip to first unread message

Julia Vitoria Cardoso

unread,
Nov 14, 2017, 8:26:55 AM11/14/17
to ossec-list
Hi, i have a test setup with a windows agent and a server CentOS. 

I wrote a .bat to install agent and it seems ok, but looking at the logs it only says 

2017/11/14 11:14:27 ossec-agentd(4101): WARN: Waiting for server reply (not started). Tried: 'serverhost.stuff'.

2017/11/14 11:15:05 ossec-agentd: INFO: Trying to connect to server serverhost.stuff, port 1514.

2017/11/14 11:15:05 INFO: Connected to serverhost.stuff at address  10.10.x.y:1514, port 1514

2017/11/14 11:15:26 ossec-agentd(4101): WARN: Waiting for server reply (not started). Tried: 'serverhost.stuff'.

2017/11/14 11:16:22 ossec-agentd: INFO: Trying to connect to server serverhost.stuff, port 1514.

2017/11/14 11:16:22 INFO: Connected to serverhost.stuff at address  10.10.x.y:1514, port 1514

2017/11/14 11:16:43 ossec-agentd(4101): WARN: Waiting for server reply (not started). Tried: 'serverhost.stuff'.

2017/11/14 11:17:57 ossec-agentd: INFO: Trying to connect to server sep0265cb.sep.local, port 1514.

2017/11/14 11:17:57 INFO: Connected to serverhost.stuff at address 10.10.x.y:1514, port 1514

It goes forever! It means it is working? May i change some value of time between keep alive messages? 

Also im receiving errors with agent.conf that i already saw in other posts.

ERROR: Error reading XML file 'shared/agent.conf': XMLERR: File 'shared/agent.conf' not found. (line 16).

Im convinved i have a connection issue or udp cache stuff. But cant figure out. 


All this together can be a connection issue? Or misconfiguration? 

Leroy Tennison

unread,
Dec 1, 2017, 4:38:31 PM12/1/17
to ossec-list
Although the context was AliewnVault this solution worked for me in an internally-installed manager-client environment: 
http://www.itinthedatacenter.com/wordpress/?p=369

Leroy Tennison

unread,
Dec 1, 2017, 4:40:35 PM12/1/17
to ossec-list
Wait a minute, is this a new install, how did you get the key installed on the client?  If there's an automated way to do that please post in a reply.


On Tuesday, November 14, 2017 at 7:26:55 AM UTC-6, Julia Vitoria Cardoso wrote:

dan (ddp)

unread,
Dec 3, 2017, 4:29:04 PM12/3/17
to ossec...@googlegroups.com
Check on the ossec server to see if the agent is connected.
`/var/ossec/bin/list_agents -c`

> Also im receiving errors with agent.conf that i already saw in other posts.
>
> ERROR: Error reading XML file 'shared/agent.conf': XMLERR: File
> 'shared/agent.conf' not found. (line 16).
>

Yeah, this message refuses to die. Ignore it.

> Im convinved i have a connection issue or udp cache stuff. But cant figure
> out.
>
>
> All this together can be a connection issue? Or misconfiguration?
>
> --
>
> ---
> You received this message because you are subscribed to the Google Groups
> "ossec-list" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ossec-list+...@googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.
Reply all
Reply to author
Forward
0 new messages