I have this situation:
- one agent inside a LAN with a DHCP internal IP; the router has a static IP
- and a server that I use, inside the same LAN with an internal DHCP IP and outside the LAN with a dynamic IP
I configured:
- the server's ossec.conf with both the agent IPs (the LAN IP and the router's static IP, which has port forwarding)
- the agent's ossec.conf with the LAN server IP and with "any"
When I'm inside the LAN, the agent and server connect.
When I'm outside the LAN with the server, they don't connect.
Does the server search for agents at the two IPs I set in the server's ossec.conf? Or is it only the agent that tries to connect to the server (in this last case there is no way the agent can find the server outside the LAN)?
The agent's log:
2025/04/28 21:07:24 ossec-agentd: INFO: Trying next server in the line: 'any'.
2025/04/28 21:07:25 ossec-agentd: INFO: Closing connection to server any, port 1514.
2025/04/28 21:07:25 ossec-agentd: INFO: Trying to connect to server any, port 1514.
2025/04/28 21:07:25 getaddrinfo: Name or service not known
2025/04/28 21:08:09 ossec-syscheckd: INFO: Starting syscheck scan (forwarding database).
2025/04/28 21:08:09 ossec-syscheckd: WARN: Process locked. Waiting for permission...
Is there a way to enable the connection when the server is outside the LAN?
Thanks
> When I'm outside the LAN with the server they don't connect

Is your firewall logging the connection? What does a packet capture show?
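
A way to triage the agent log from the question, as an added example that is not part of the original thread: it pairs each `getaddrinfo` error with the server entry the agent was trying at that moment, so it is clear which configured entry never resolved to an address. The function names are hypothetical, and the `192.168.1.10` line is constructed for contrast; the other lines are copied from the question.

```python
import re

# Agent log lines from the question, plus one constructed line (marked) for contrast.
SAMPLE_LOG = """\
2025/04/28 21:07:03 ossec-agentd: INFO: Trying to connect to server 192.168.1.10, port 1514.
2025/04/28 21:07:24 ossec-agentd: INFO: Trying next server in the line: 'any'.
2025/04/28 21:07:25 ossec-agentd: INFO: Closing connection to server any, port 1514.
2025/04/28 21:07:25 ossec-agentd: INFO: Trying to connect to server any, port 1514.
2025/04/28 21:07:25 getaddrinfo: Name or service not known
2025/04/28 21:08:09 ossec-syscheckd: INFO: Starting syscheck scan (forwarding database).
2025/04/28 21:08:09 ossec-syscheckd: WARN: Process locked. Waiting for permission...
"""  # first line is constructed; it does not appear in the original post

TS = r"\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}"
CONNECT_RE = re.compile(
    rf"^({TS}) ossec-agentd: INFO: Trying to connect to server (\S+), port (\d+)\.$"
)
RESOLVE_RE = re.compile(rf"^({TS}) getaddrinfo: (.+)$")


def summarize(log_text):
    """Per server entry: connection attempts and the resolver errors that followed them."""
    report = {}
    current = None  # server named in the most recent "Trying to connect" line
    for line in log_text.splitlines():
        line = line.strip()
        m = CONNECT_RE.match(line)
        if m:
            current = m.group(2)
            entry = report.setdefault(
                current, {"port": int(m.group(3)), "attempts": 0, "resolve_errors": []}
            )
            entry["attempts"] += 1
            continue
        m = RESOLVE_RE.match(line)
        if m and current is not None:
            report[current]["resolve_errors"].append((m.group(1), m.group(2)))
            current = None  # attribute at most one resolver error to each attempt
    return report


def never_resolved(report):
    """Server entries for which every connection attempt ended in a resolver error."""
    return [s for s, e in report.items()
            if e["attempts"] and len(e["resolve_errors"]) == e["attempts"]]


if __name__ == "__main__":
    for server in never_resolved(summarize(SAMPLE_LOG)):
        print(f"server entry {server!r} was never resolved to an address")
```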