Ossec agent with static ip, server with dynamic ip does not connects outside the LAN

18 views
Skip to first unread message

Trevisi Roberto

unread,
May 1, 2025, 7:49:13 AMMay 1
to ossec...@googlegroups.com
Hi,

I have this situation:

_one agent inside a LAN whose default gateway has a static ip _and a server that I use, inside the same LAN with the static dhcp ip and outside the LAN with dynamic ip

I configured the server's ossec.conf with both the agent ips ( the LAN ip and the router static ip which has a port forwarding ) The agent's ossec.conf with the LAN server ip and with "any"

When I'm inside the LAN agent and server connects When I'm outside the LAN with the server they don't connect

Does the server search for agents to the two ips I set in the server's ossec.conf ? or it is only the agent that try to connect to the server (in this last case there is no way the agent can find the server outside the LAN)

The agent's log:
``` 2025/04/28 21:07:24 ossec-agentd: INFO: Trying next server in the line: 'any'.
2025/04/28 21:07:25 ossec-agentd: INFO: Closing connection to server any, port 1514.
2025/04/28 21:07:25 ossec-agentd: INFO: Trying to connect to server any, port 1514.
2025/04/28 21:07:25 getaddrinfo: Name or service not known
2025/04/28 21:08:09 ossec-syscheckd: INFO: Starting syscheck scan (forwarding database).
2025/04/28 21:08:09 ossec-syscheckd: WARN: Process locked. Waiting for permission... ```

Is there a way to enable connection when the server is out of LAN ?

thnks

Roberto Trevisi

unread,
May 1, 2025, 7:49:13 AMMay 1
to ossec-list
Hi,

0


I have this situation:

_one agent inside a LAN whose default gateway has a static ip _and a server that I use, inside the same LAN with the static dhcp ip and outside the LAN with dynamic ip

I configured the server's ossec.conf with both the agent ips ( the LAN ip and the router static ip which has a port forwarding ) The agent's ossec.conf with the LAN server ip and with "any"

When I'm inside the LAN agent and server connects When I'm outside the LAN with the server they don't connect

Does the server searchs for agents to the two ips I set in the server's ossec.conf ? or it is only the agent that try to connect to the server (in this last case there is no way the agent can find the server outside the LAN)

The agent's log:
```
2025/04/28 21:07:24 ossec-agentd: INFO: Trying next server in the line: 'any'.
2025/04/28 21:07:25 ossec-agentd: INFO: Closing connection to server any, port 1514.
2025/04/28 21:07:25 ossec-agentd: INFO: Trying to connect to server any, port 1514.
2025/04/28 21:07:25 getaddrinfo: Name or service not known
2025/04/28 21:08:09 ossec-syscheckd: INFO: Starting syscheck scan (forwarding database).
2025/04/28 21:08:09 ossec-syscheckd: WARN: Process locked. Waiting for permission...```

Is there a way to enable connection when the server is out of LAN ?

thks



Reply all
Reply to author
Forward
0 new messages