Hi Matt,

Testing it manually is very simple. First, go to the /var/ossec directory and
execute from there the agentless command you want. For example:

# cd /var/ossec
# ./agentless/ssh_generic_diff [email protected] show config

You can also try using sudo -u ossec, to reproduce it more closely (since
inside ossec it runs as user ossec):

# sudo -u ossec ./agentless/ssh_generic_diff [email protected] show config

*Note that you need to run it from /var/ossec, otherwise it will fail.

Try that and let us know how it goes (and the full output).

Thanks,

--
Daniel B. Cid
dcid ( at ) ossec.net

On Thu, Mar 5, 2009 at 7:01 PM, Matt <[email protected]> wrote:
>
> Hi Daniel,
>
> Expect is (and was) installed, so I assume that is not the issue.. any
> help with running manually would be appreciated.
>
>
> On Mar 5, 11:36 am, Daniel Cid <[email protected]> wrote:
>> Hi Matt,
>>
>> It is supposed to give you more information about the error, like we
>> show in the manual[1]. However,
>> the test failed message is generally related to missing the expect
>> libraries. Did you install them?
>> If you are using a debian-like system, just an "apt-get install expect"
>> should solve.
>>
>> If that's not the issue, let us know and we can help running them
>> manually to debug...
>>
>> [1] -http://www.ossec.net/main/manual/manual-agentless-monitoring/
>>
>> *btw, if you get them working, please share with us the switch brand
>> and the config you used. I would
>> like to create a database with all devices that we know work well.
>>
>> Thanks,
>>
>> --
>> Daniel B. Cid
>> dcid ( at ) ossec.net
>>
>> On Thu, Mar 5, 2009 at 11:38 AM, Matt <[email protected]> wrote:
>>
>> > Hello All,
>>
>> > I am starting to work with the agentless monitoring, and the first
>> > host I'm working with is a non-Cisco switch. I've modified ossec.conf
>> > like so:
>>
>> >   <agentless>
>> >     <type>ssh_generic_diff</type>
>> >     <frequency>120</frequency> <!-- set to 120, just for testing -->
>> >     <host>[email protected]</host>
>> >     <state>periodic_diff</state>
>> >     <arguments>show config</arguments>
>> >   </agentless>
>>
>> > Restarting ossec, and the following relevant log entries appear:
>>
>> > 2009/03/04 08:29:27 ossec-agentlessd: INFO: Started (pid: 7151).
>> > ... snip ...
>> > 2009/03/04 08:29:29 ossec-agentlessd: ERROR: Test failed for
>> > 'ssh_generic_diff' (126). Ignoring.
>>
>> > Any way to debug this further, or make the logging more verbose? TIA
>
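
Added example, not part of the original thread and not OSSEC's own code: a preflight check to run before the manual test described above, covering the causes the thread names (the script must be reachable under /var/ossec and its interpreter, expect, must be installed). The function name and its return codes are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not OSSEC code): preflight checks before running an
# agentless script by hand. Return codes are this example's own convention:
#   0 = ok, 2 = script missing, 3 = not executable, 4 = interpreter missing
agentless_preflight() {
    base=$1      # OSSEC install directory, /var/ossec in the thread
    script=$2    # path relative to base, e.g. agentless/ssh_generic_diff
    path="$base/$script"

    [ -f "$path" ] || { echo "missing: $path" >&2; return 2; }
    [ -x "$path" ] || { echo "not executable: $path" >&2; return 3; }

    # Only scripts that start with a shebang line name an interpreter.
    first=$(head -n 1 "$path")
    case $first in
        '#!'*) ;;
        *) return 0 ;;
    esac

    # Take the interpreter from the shebang; for "#!/usr/bin/env expect"
    # the interpreter that matters is the word after env.
    interp=$(printf '%s\n' "$first" | awk '{
        sub(/^#![ \t]*/, "")
        w = ($1 ~ /\/env$/ && $2 != "") ? $2 : $1
        print w
    }')

    command -v "$interp" >/dev/null 2>&1 || {
        echo "interpreter not found: $interp" >&2
        return 4
    }
    echo "ok: $path (interpreter: $interp)"
    return 0
}

# Usage, from a root shell as in the thread:
#   agentless_preflight /var/ossec agentless/ssh_generic_diff
```

Running the same function under sudo -u ossec shows whether the ossec user, rather than root, can reach and execute the script.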
