I have installed the OSSEC server in a public instance and the OSSEC agent in a private instance on AWS in the same VPC. I have successfully installed the OSSEC server and agent, but can't connect the server with the agent. I was referring below link for setup: https://techviewleo.com/install-and-configure-ossec-hids-agent-on-ubuntu/
Asked
Active
Viewed 295 times
-1
-
use ```nc -v hostname port``` to test network connectivity between server & agent. – wowbagger Nov 16 '21 at 13:40
1 Answers
0
As @wowbagger mentioned, checking connectivity is a good idea. You probably have to configure your Security Group on AWS to allow connections (inbounds) in your Manager using TCP/UDP protocol and port 1514 (if you didn't change it).
alberpilot
- 11
- 1
-
I have added port 1514 in the Security Group on AWS to allow connections (inbounds). But still not able to connect the server to agent – Ganesh Swain Nov 23 '21 at 06:09
-
Consider checking the following: - Check if the Wazuh manager is running: `systemctl status wazuh-manager` and check if the service is listening on those ports: `netstat -tunap | grep 1514`. ( I suppose that you registered the agent. Did you?) - Check if the Wazuh agent is running: `systemctl status wazuh-agent` and check if you have any error on `ossec.log` in both Manager and Agent. - What about the NC test that @wowbagger mentioned? You could share the output – alberpilot Nov 24 '21 at 07:05