Hello,
I installed 14 agents (Linux RedHat Enterprise 3 and 4, and AIX 5.2) and one
server (Linux). And yes, I experienced some troubles with that installation,
and in particular the following problem:
- Syscheck modules never worked, on any of the 14 agents
And I never saw any errors in logs, including with full debug options
activated on agents and server. All I can say, and maybe it could be the source
of trouble, is that Ossec agents were installed on test machines and then
exported to production servers, which had no compilers for security reasons.
One way to bypass this problem is to install Ossec agents as "Server", and
not as agents. So, instead of communicating with an Ossec server, "agents"
communicate with an SMTP server for alert emails. Less easy to manage, but
efficient!
And it seems that I'm alone in having this problem...
However, I would say that Ossec is great software, I think the best of the
HIDS. Let's wait a few months until there are more different types of Ossec
installations ;-)
Fred
-----Original Message-----
From: [email protected] [mailto:[EMAIL PROTECTED] On
Behalf Of Magnus Egilsson
Sent: Wednesday, January 24, 2007 1:34 PM
To: [EMAIL PROTECTED]
Subject: [ossec-list] agent troubles
Hi
Has anyone experienced not being able to add more than 5 agents to the
server? After restart I can see number six added in the ossec-log. I can see
IP traffic from the agent but the server remains silent. No errors occur in
logs and I've tried this with iptables on and off. The server is running
the latest Gentoo.
The first five agents are running like a charm and are doing a very good
job. What I find strange is I clone the basic config on agents / server so
everything should be working fine. Client number six is on the same subnet
as the server.
Maybe this is just a beginner error since I'm rather new to ossec :)
Best regards,
Magnus