Ossec Agent stays in Never connected state

Support/Development for OSSEC
User avatar
pteros
Forum User
Forum User
Posts: 8
Joined: Thu May 20, 2021 10:15 am

Re: Ossec Agent stays in Never connected state

Unread post by pteros »

scott wrote: Fri Jun 11, 2021 9:01 am
So next take a look in /var/ossec/etc/internal_options.conf and enable the debug settings for remoted. You can do the same on the agent side for agentd, and then see if the output there is helpful at all
It doesn't seem to be that hepful. I've set remoted.debug=2 and agentd.debug=2 on the machines. I see nothing in logs/ossec.log. If I run (after having killed remoted) bin/ossec-remoted -d -d -f, all I get is varous lines saying

2021/06/11 16:10:49 ossec-remoted(1403): ERROR: Incorrectly formatted message from '212.45.144.123'.
2021/06/11 16:10:54 ossec-remoted(1403): ERROR: Incorrectly formatted message from '212.45.144.123'.
2021/06/11 16:11:00 ossec-remoted(1403): ERROR: Incorrectly formatted message from '212.45.144.123'.

and on the agent I get only

root@Saguaro:~ossec # grep agentd logs/ossec.log
2021/06/11 16:05:41 ossec-agentd: INFO: Using notify time: 600 and max time to reconnect: 1800
2021/06/11 16:05:41 agentd imsg_init()
2021/06/11 16:05:41 ossec-agentd [dns]: INFO: Starting osdns
root@Saguaro:~ossec #

Thanks again for your patience,

Luciano.
Post Reply