I have installed an OSSIM server and an OSSIM sensor to test OSSIM, and have tested a few functions since setup. I need to collect logs from a lot of other normal servers. I set up an OSSEC agent on a normal Linux server following the tutorial.
It really works well. The data was shown in the web interface.
BUT when I changed the sensor of the Linux server to the OSSIM sensor, generated a key under the sensor, and pasted the key into the Linux server's OSSEC agent, the status of the agent changed to disconnected... and no more data showed in the web interface...
Here is some configuration.
The following picture is the list of the OSSIM sensor's agents in the web interface.
I also checked the processes of the OSSIM sensor; it shows like this.
I also used tcpdump to capture the packets on port 1514.
BUT the log of the Linux server always warns like this...
The status never changed to active... and the data also never showed in the web interface search...
I have doubts about the OSSEC sensor... can the OSSEC agent connect to the OSSIM sensor, or is only the OSSIM server allowed?