-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
gentuxx wrote:
> Hi all,
>
> I've noticed that when I (re)start ossec, that ossec-remoted seems to
> exit immediately. There's no indication of what's happened in the
> ossec.log. I get a pid, then nothing. And if I do a `ps -ef' it's
> not there. And when the restart command goes to stop the service(s),
> I get this:
>
> [...snip...]
>
>
> This doesn't mean a whole lot to me, but maybe someone on the list can
> use it (I apologize for the length). This is what I get from `strace
> /var/ossec/bin/ossec-remoted -t':
>
> [....snip....]
>
>
> So, it looks like it reads the config file and then "detaches", which
> I take to mean that the daemon forks off into daemon mode, but it
> stops instead. Is there something in the ossec.conf that tells the
> server that it has agents that need to be listened to? (I'm assuming
> here that ossec-remoted is what handles the agents.)
OK, I think I figured it out now, and I kind of feel like a dummy for
not seeing it before. I added the following to ossec.conf and now
everything works as expected:

    <global>
      <white_list>127.0.0.1</white_list>
      <white_list>192.168.0.100</white_list>
      <white_list>192.168.0.200</white_list>
    </global>
    <remote>
      <connection>secure</connection>
    </remote>

Now, I just need to figure out a smart way to get this into the wiki. ;-)
- --
gentux
echo "hfouvyyAhnbjm/dpn" | perl -pe 's/(.)/chr(ord($1)-1)/ge'
gentux's gpg fingerprint ==> 5495 0388 67FF 0B89 1239 D840 4CF0 39E2
18D3 4A9E
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
iD8DBQFE6ls8TPA54hjTSp4RAtLxAJ9eNMR2IS5NkCjClPfETMhuBTtp7QCdER5J
T2Bq5L/FPT2soguoX6K3p/c=
=p5GF
-----END PGP SIGNATURE-----
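
A pre-start check for the condition reported in this message, as an added example that is not part of the original post or of OSSEC itself: it reports whether an ossec.conf contains any `<remote>` block before ossec-remoted is started. The function names and both sample configs are constructed, and wrapping the file in a synthetic root assumes ossec.conf may hold more than one top-level `<ossec_config>` element.

```python
import re
import sys
import xml.etree.ElementTree as ET

# Constructed sample: a server config with no <remote> block at all.
BEFORE = """<ossec_config>
  <global>
    <email_notification>no</email_notification>
  </global>
</ossec_config>
"""

# Constructed sample: the fix from the message, plus a second root block.
AFTER = """<ossec_config>
  <global>
    <white_list>127.0.0.1</white_list>
  </global>
  <remote>
    <connection>secure</connection>
  </remote>
</ossec_config>
<ossec_config>
  <remote>
    <connection>syslog</connection>
  </remote>
</ossec_config>
"""

def remote_connections(conf_text):
    """Return the <connection> value of every <remote> block found."""
    # Strip an XML declaration, then wrap everything in one synthetic root
    # so a file with several top-level elements still parses (assumption).
    body = re.sub(r"<\?xml[^>]*\?>", "", conf_text)
    root = ET.fromstring("<wrapper>" + body + "</wrapper>")
    found = []
    for remote in root.iter("remote"):
        conn = (remote.findtext("connection") or "").strip()
        found.append(conn or "(unset)")
    return found

def check(conf_text):
    """One-line verdict suitable for an init script or a config review."""
    conns = remote_connections(conf_text)
    if not conns:
        return "no <remote> block: ossec-remoted has no listener configured"
    return "remote listeners configured: " + ", ".join(conns)

if __name__ == "__main__":
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else BEFORE
    print(check(text))
```

Run it with the path to ossec.conf as the only argument; a file that is not well-formed XML raises `xml.etree.ElementTree.ParseError`, which is itself worth fixing before a restart.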