Atomicorp

scott wrote: ↑Fri Jun 11, 2021 9:01 am
So next take a look in /var/ossec/etc/internal_options.conf and enable the debug settings for remoted. You can do the same on the agent side for agentd, and then see if the output there is helpful at all

It doesn't seem to be that hepful. I've set remoted.debug=2 and agentd.debug=2 on the machines. I see nothing in logs/ossec.log. If I run (after having killed remoted) bin/ossec-remoted -d -d -f, all I get is varous lines saying

2021/06/11 16:10:49 ossec-remoted(1403): ERROR: Incorrectly formatted message from '212.45.144.123'.
2021/06/11 16:10:54 ossec-remoted(1403): ERROR: Incorrectly formatted message from '212.45.144.123'.
2021/06/11 16:11:00 ossec-remoted(1403): ERROR: Incorrectly formatted message from '212.45.144.123'.

and on the agent I get only

root@Saguaro:~ossec # grep agentd logs/ossec.log
2021/06/11 16:05:41 ossec-agentd: INFO: Using notify time: 600 and max time to reconnect: 1800
2021/06/11 16:05:41 agentd imsg_init()
2021/06/11 16:05:41 ossec-agentd [dns]: INFO: Starting osdns
root@Saguaro:~ossec #

Thanks again for your patience,

Luciano.