ossec-agentd(1214): Problem receiving message from xxxxxxx

skoesters

Dec 18, 2008, 7:28:53 AM
to ossec-list
Hi,

I installed OSSEC agent 1.4 on a CentOS server (I used a self-made RPM
package).

I did these steps:

- install the RPM
- added the agent on the server
- imported the key on the client
- start the client

Now I always get this message on the client:

---

008/12/18 13:19:29 ossec-agentd: Unknown message received. No action
defined.
2008/12/18 13:19:29 ossec-agentd(1214): Problem receiving message from
10.10.150.10.
2008/12/18 13:19:29 ossec-agentd: Unknown message received. No action
defined.
2008/12/18 13:19:29 ossec-agentd(1214): Problem receiving message from
10.10.150.10.
2008/12/18 13:19:29 ossec-agentd(1214): Problem receiving message from
10.10.150.10.
2008/12/18 13:19:29 ossec-agentd: Unknown message received. No action
defined.
2008/12/18 13:19:29 ossec-agentd(1214): Problem receiving message from
10.10.150.10.
2008/12/18 13:19:29 ossec-agentd(1214): Problem receiving message from
10.10.150.10.
2008/12/18 13:19:29 ossec-agentd(1214): Problem receiving message from
10.10.150.10.
2008/12/18 13:19:29 ossec-agentd(1214): Problem receiving message from
10.10.150.10.
2008/12/18 13:19:29 ossec-agentd(1214): Problem receiving message from
10.10.150.10.
2008/12/18 13:19:29 ossec-agentd(1214): Problem receiving message from
10.10.150.10.
2008/12/18 13:19:29 ossec-agentd(1214): Problem receiving message from
10.10.150.10.
2008/12/18 13:19:29 ossec-agentd(1214): Problem receiving message from
10.10.150.10.
2008/12/18 13:19:29 ossec-agentd(1214): Problem receiving message from
10.10.150.10.
2008/12/18 13:19:29 ossec-agentd(1214): Problem receiving message from
10.10.150.10.
2008/12/18 13:19:33 ossec-logcollector(1950): Analyzing file: '/var/
log/messages'.


---

After a few minutes the client disconnects. Before this the client is
running and sends his checks to the server.

On the server I got no error messages in the log.

The RPM and the server are not the problem. It works fine on other
CentOS servers. Yesterday it also worked on this server, but I had to
reinstall the whole server today and also reinstalled OSSEC. Now I
have the problems.

I also tried to delete the client on the server and re-add it.

Can you guys please help me?

Kind regards
Sebastian

Peter M. Abraham

Dec 19, 2008, 12:37:06 PM
to ossec-list
Greetings:

Please consider using ossec 1.6.1 as it is the latest version.

Please make sure UDP 1514 is open between the agent(s) and the server
in any hardware or software firewall / ACL.

Thank you.

skoesters

Jan 9, 2009, 12:05:49 PM
to ossec-list
Hi,

Today I installed 1.6.1 by hand from the sources. Same error:

2009/01/09 17:59:16 ossec-agentd: INFO: Trying to connect to server
(10.10.150.10:1514).
2009/01/09 17:59:16 ossec-rootcheck: System audit file not configured.
2009/01/09 17:59:17 ossec-agentd(4102): INFO: Connected to the server
(10.10.150.10:1514).
2009/01/09 17:59:18 ossec-agentd(1214): WARN: Problem receiving
message from 10.10.150.10.
2009/01/09 17:59:18 ossec-agentd(1214): WARN: Problem receiving
message from 10.10.150.10.
2009/01/09 17:59:18 ossec-agentd(1214): WARN: Problem receiving
message from 10.10.150.10.
2009/01/09 17:59:18 ossec-agentd(1214): WARN: Problem receiving
message from 10.10.150.10.
2009/01/09 17:59:18 ossec-agentd(1214): WARN: Problem receiving
message from 10.10.150.10.
2009/01/09 17:59:18 ossec-agentd(1214): WARN: Problem receiving
message from 10.10.150.10.
2009/01/09 17:59:18 ossec-agentd(1214): WARN: Problem receiving
message from 10.10.150.10.
2009/01/09 17:59:20 ossec-syscheckd: INFO: Started (pid: 16541).
2009/01/09 17:59:20 ossec-rootcheck: INFO: Started (pid: 16541).

That's not a firewall issue. Like I said, the client is able to connect
and works, but after a few minutes he disconnects. (See first post:
"After a few minutes the client disconnects. Before this the client is
running and sends his checks to the server. ").

There is no error in the server logs.

Kind regards

Sebastian

On 19 Dec. 2008, 18:37, "Peter M. Abraham"

skoesters

Jan 13, 2009, 4:32:31 AM
to ossec-list
A new error message. Maybe this is the reason why the client lost the
connection?!

2009/01/13 08:07:56 ossec-agentd(4102): INFO: Connected to the server
(10.10.150.10:1514).
2009/01/13 08:07:56 ossec-agentd: INFO: Server responded. Releasing
lock.
2009/01/13 08:08:01 ossec-agentd: INFO: Lock free. Continuing...
2009/01/13 08:38:09 ossec-agentd: WARN: Server unavailable. Setting
lock.
2009/01/13 08:38:10 ossec-agentd: WARN: Process locked. Waiting for
permission...

On 9 Jan., 18:05, skoesters <skoest...@tradehaven.de> wrote:
> Hi,
>
> Today I installed 1.6.1 by hand from the sources. Same error:
>
> 2009/01/09 17:59:16 ossec-agentd: INFO: Trying to connect to server
> (10.10.150.10:1514).
> 2009/01/09 17:59:16 ossec-rootcheck: System audit file not configured.
> 2009/01/09 17:59:17 ossec-agentd(4102): INFO: Connected to the server
> (10.10.150.10:1514).
> 2009/01/09 17:59:18 ossec-agentd(1214): WARN: Problem receiving message from 10.10.150.10.
> 2009/01/09 17:59:18 ossec-agentd(1214): WARN: Problem receiving message from 10.10.150.10.
> 2009/01/09 17:59:18 ossec-agentd(1214): WARN: Problem receiving message from 10.10.150.10.
> 2009/01/09 17:59:18 ossec-agentd(1214): WARN: Problem receiving message from 10.10.150.10.
> 2009/01/09 17:59:18 ossec-agentd(1214): WARN: Problem receiving message from 10.10.150.10.
> 2009/01/09 17:59:18 ossec-agentd(1214): WARN: Problem receiving message from 10.10.150.10.
> 2009/01/09 17:59:18 ossec-agentd(1214): WARN: Problem receiving message from 10.10.150.10.
> 2009/01/09 17:59:20 ossec-syscheckd: INFO: Started (pid: 16541).
> 2009/01/09 17:59:20 ossec-rootcheck: INFO: Started (pid: 16541).
>
> That's not a firewall issue. Like I said, the client is able to connect
> and works, but after a few minutes he disconnects. (See first post:
> "After a few minutes the client disconnects. Before this the client is
> running and sends his checks to the server. ").
>
> There is no error in the server logs.
>
> Kind regards
>
> Sebastian
>
> On 19 Dec. 2008, 18:37, "Peter M. Abraham"
>
>
>
> <peter.abra...@dynamicnet.net> wrote:
> > Greetings:
>
> > Please consider using ossec 1.6.1 as it is the latest version.
>
> > Please make sure UDP 1514 is open between the agent(s) and the server
> > in any hardware or software firewall / ACL.
>
> > Thank you.
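
An added example, not part of any post in this thread: a small Python triage script for agent logs in the format quoted above. It rejoins the mail-wrapped lines, counts the 1214 receive errors per peer, and measures how long each session lasted between "Connected to the server" and "Server unavailable". The sample log is constructed in the thread's format, and the function names are hypothetical.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample in the format of the logs quoted in the thread,
# wrapped mid-message the way the mailing-list posts are.
SAMPLE = """\
2009/01/13 08:07:56 ossec-agentd(4102): INFO: Connected to the server
(10.10.150.10:1514).
2009/01/13 08:07:56 ossec-agentd: INFO: Server responded. Releasing
lock.
2009/01/13 08:07:57 ossec-agentd(1214): WARN: Problem receiving
message from 10.10.150.10.
2009/01/13 08:07:57 ossec-agentd(1214): WARN: Problem receiving
message from 10.10.150.10.
2009/01/13 08:38:09 ossec-agentd: WARN: Server unavailable. Setting
lock.
"""

STAMP = re.compile(r"^(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) (.*)$")

def unwrap(text):
    """Rejoin continuation lines onto the timestamped line they belong to."""
    records = []
    for raw in text.splitlines():
        line = raw.strip()
        m = STAMP.match(line)
        if m:
            ts = datetime.strptime(m.group(1), "%Y/%m/%d %H:%M:%S")
            records.append([ts, m.group(2)])
        elif line and records:
            records[-1][1] += " " + line
    return records

def summarize(text):
    """Count 1214 errors per peer and time each connected session."""
    recv_errors, sessions, connected_at = Counter(), [], None
    for ts, msg in unwrap(text):
        # Matches both the 1.4 form (no level) and the 1.6.1 form ("WARN:").
        m = re.search(r"\(1214\): (?:WARN: )?Problem receiving message from (\S+)", msg)
        if m:
            recv_errors[m.group(1).rstrip(".")] += 1
        elif "Connected to the server" in msg:
            connected_at = ts
        elif "Server unavailable" in msg and connected_at:
            sessions.append(int((ts - connected_at).total_seconds()))
            connected_at = None
    return {"recv_errors": dict(recv_errors), "session_seconds": sessions}

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

Running it over the agent's real `ossec.log` shows whether the 1214 warnings cluster right after each connect and whether the drop happens at a regular interval.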