Thanks Daniel, that helped me locate the problem. Apparently, at least in my installation, the "agentless" directory was installed chmod 750 and owned by root:root. Changing the ownership of the directory to root:ossec resolved the initial problem. I'm still working out the intricacies of monitoring Foundry equipment but I anticipate being successful.
--Matt

On Mar 6, 2:16 pm, Daniel Cid <[email protected]> wrote:
> Hi Matt,
>
> Testing it manually is very simple. First, go to the /var/ossec
> directory and execute from there the agentless command you want.
> For example:
>
> # cd /var/ossec
> # ./agentless/ssh_generic_diff [email protected] show config
>
> You can also try using sudo -u ossec, to reproduce it more closely
> (since inside ossec it runs as user ossec):
>
> # sudo -u ossec ./agentless/ssh_generic_diff [email protected] show config
>
> *Note that you need to run it from /var/ossec, otherwise it will fail.
>
> Try that and let us know how it goes (and the full output).
>
> Thanks,
>
> --
> Daniel B. Cid
> dcid ( at ) ossec.net
>
> On Thu, Mar 5, 2009 at 7:01 PM, Matt <[email protected]> wrote:
>
> > Hi Daniel,
>
> > Expect is (and was) installed, so I assume that is not the issue.. any
> > help with running manually would be appreciated.
>
> > On Mar 5, 11:36 am, Daniel Cid <[email protected]> wrote:
> >> Hi Matt,
>
> >> It is supposed to give you more information about the error, like we
> >> show in the manual[1]. However, the test failed message is generally
> >> related to missing the expect libraries. Did you install them?
> >> If you are using a debian-like system, just a "apt-get install expect"
> >> should solve.
>
> >> If that's not the issue, let us know and we can help running them
> >> manually to debug...
>
> >> [1] - http://www.ossec.net/main/manual/manual-agentless-monitoring/
>
> >> *btw, if you get them working, please share with us the switch brand
> >> and the config you used. I would like to create a database with all
> >> devices that we know work well.
>
> >> Thanks,
>
> >> --
> >> Daniel B. Cid
> >> dcid ( at ) ossec.net
>
> >> On Thu, Mar 5, 2009 at 11:38 AM, Matt <[email protected]> wrote:
>
> >> > Hello All,
>
> >> > I am starting to work with the agentless monitoring, and the first
> >> > host I'm working with is a non-Cisco switch. I've modified ossec.conf
> >> > like so:
>
> >> > <agentless>
> >> >   <type>ssh_generic_diff</type>
> >> >   <frequency>120</frequency> <!-- set to 120, just for testing -->
> >> >   <host>[email protected]</host>
> >> >   <state>periodic_diff</state>
> >> >   <arguments>show config</arguments>
> >> > </agentless>
>
> >> > Restarting ossec, and the following relevant log entries appear:
>
> >> > 2009/03/04 08:29:27 ossec-agentlessd: INFO: Started (pid: 7151).
> >> > ... snip ...
> >> > 2009/03/04 08:29:29 ossec-agentlessd: ERROR: Test failed for
> >> > 'ssh_generic_diff' (126). Ignoring.
>
> >> > Any way to debug this further, or make the logging more verbose? TIA
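
The ownership problem found in this thread (the agentless directory at mode 750 owned by root:root, fixed by changing it to root:ossec) can be checked from mode bits and ownership alone. The script below is an added example, not part of the original messages or of OSSEC; the function names are hypothetical, and it assumes GNU stat, no ACLs, and a daemon user that is not the owner of the files.

```shell
#!/bin/sh
# Constructed example. Assumes GNU stat, no ACLs, and that the daemon user
# is not the owner of the path, so only the group or "other" bits apply.
# The 126 in the log matches the shell's exit status for "command found
# but could not be executed", which is what a permission problem produces.

# group_can PATH GROUP MASK: succeed if GROUP holds every bit in MASK
# (4=read, 2=write, 1=execute/traverse) on PATH.
group_can() {
    path=$1; group=$2; mask=$3
    mode=$(stat -c '%a' "$path") || return 2      # e.g. 750
    owner_group=$(stat -c '%G' "$path") || return 2
    if [ "$owner_group" = "$group" ]; then
        perm=$(( (mode / 10) % 10 ))              # group digit
    else
        perm=$(( mode % 10 ))                     # "other" digit
    fi
    [ $(( perm & mask )) -eq "$mask" ]
}

# check_agentless BASE SCRIPT GROUP: report whether GROUP can traverse
# BASE/agentless and read+execute the script inside it.
check_agentless() {
    base=$1; script=$2; group=$3; rc=0
    dir=$base/agentless
    if ! group_can "$dir" "$group" 1; then
        echo "FAIL: $group cannot enter $dir ($(stat -c '%a %U:%G' "$dir"))"
        rc=1
    fi
    if ! group_can "$dir/$script" "$group" 5; then
        echo "FAIL: $group cannot read and execute $dir/$script"
        rc=1
    fi
    if [ "$rc" -eq 0 ]; then
        echo "OK: $group can run $dir/$script"
    fi
    return "$rc"
}

# Usage on a real installation (paths and group as named in the thread):
#   check_agentless /var/ossec ssh_generic_diff ossec
```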
