Hi,
I'm currently migrating OSSEC from Ubuntu 14.04 (x64) to an Raspeberry Pi2 running Ubuntu 14.04 (arm). As there is no binary build, I build up everything from the source. I copy over the running config from the Ubuntu host to the Raspberry.
When I start OSSEC, Agents can not connect to OSSEC.
I search the list and found something similar at:
https://www.mail-archive.com/ossec...@googlegroups.com/msg09198.htmlThere was the case that the agents can not connect to the Rethat system but to a cent os system in the same network.
It's the same here. Firewall is open and agents sends data:
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
14:46:42.590610 IP static.xx.xx.xx.xx > 10.23.23.2.1514: UDP, length 441
Log files:
2015/10/15 14:29:38 ossec-remoted(4111): INFO: Maximum number of agents allowed: '256'.
2015/10/15 14:29:38 ossec-remoted(1410): INFO: Reading authentication keys file.
2015/10/15 14:29:38 ossec-monitord: INFO: Started (pid: 32534).
2015/10/15 14:29:40 ossec-analysisd: INFO: Connected to '/queue/alerts/ar' (active-response queue)
2015/10/15 14:29:40 ossec-analysisd: INFO: Connected to '/queue/alerts/execq' (exec queue)
2015/10/15 14:29:42 ossec-syscheckd: INFO: Started (pid: 32527).
2015/10/15 14:29:42 ossec-rootcheck: INFO: Started (pid: 32527).
Any ideas what could be the cause of the server not accepting connections? The same setup, same config is running fine on the intel ubuntu.
Brgs
Daniel