frankit60 said:This is the new /etc/jail.conf issue from version 10.
You can read about it inman jail.conf
.
I read that from version 11 will be the only method used.
Oh, thanks for the info, didn't know
When I have time I try to connect a real machine.
Thanks for the support.
Wish I could have been of better help.
Still I don't get why you don't see the agent/server key validation through
tcpdump
, because when you are adding a key on the agent a connection is made to get the agent name and IP.Also there is a requested feature for security/ossec-hids-agent being able to bind to an ip through ossec.conf, this lack can cause problems in multiple IPs environment (like in a host<>jails configuration) where a solution seems to add route. But this shouldn't be a problem in your case as the agent has one IP only.