First of all thank you for your reply.

> Did you restart OSSEC after the change? This is necessary when adding
> agents.

I installed ossec in the directory /home/ossec. After adding a client I restarted ossec with the /home/ossec/bin/ossec-control restart command. The result is as follows:

Killing ossec-monitord ..
Killing ossec-logcollector ..
Killing ossec-remoted ..
Killing ossec-syscheckd ..
Killing ossec-analysisd ..
ossec-maild not running ..
Killing ossec-execd ..
Killing ossec-agentlessd ..
OSSEC HIDS v2.0 Stopped
Starting OSSEC HIDS v2.0 (by Third Brigade, Inc.)...
Started ossec-agentlessd...
2009/06/12 10:04:39 ossec-maild: INFO: E-Mail notification disabled. Clean Exit.
Started ossec-maild...
Started ossec-execd...
Started ossec-analysisd...
Started ossec-logcollector...
Started ossec-remoted...
Started ossec-syscheckd...
Started ossec-monitord...
Completed.

It seems ossec started successfully. Some of the last lines of ossec.log are:

2009/06/12 10:04:42 ossec-agentlessd: INFO: Test passed for 'ssh_generic_diff'.
2009/06/12 10:04:42 ossec-analysisd: INFO: Connected to '/queue/alerts/ar' (active-response queue)
2009/06/12 10:04:42 ossec-analysisd: INFO: Connected to '/queue/alerts/execq' (exec queue)
2009/06/12 10:04:44 ossec-agentlessd: INFO: Test passed for 'ssh_generic_diff'.
2009/06/12 10:04:44 ossec-syscheckd: INFO: Started (pid: 14465).
2009/06/12 10:04:44 ossec-rootcheck: INFO: Started (pid: 14465).
2009/06/12 10:05:47 ossec-agentlessd: ERROR: ssh_integrity_check_linux: [email protected]: Password for '[email protected]' not found.
2009/06/12 10:05:48 ossec-remoted(1403): ERROR: Incorrectly formated message from '192.168.0.120'.
2009/06/12 10:05:49 ossec-agentlessd: INFO: ssh_generic_diff: [email protected]: Started.
2009/06/12 10:05:49 ossec-agentlessd: INFO: ssh_generic_diff: [email protected]: Starting.
2009/06/12 10:05:50 ossec-agentlessd: INFO: ssh_generic_diff: [email protected]: Finished.
2009/06/12 10:05:58 ossec-agentlessd: INFO: ssh_generic_diff: [email protected]: Started.
2009/06/12 10:05:59 ossec-agentlessd: INFO: ssh_generic_diff: [email protected]: Starting.
2009/06/12 10:06:00 ossec-agentlessd: INFO: ssh_generic_diff: [email protected]: Finished.
2009/06/12 10:06:46 ossec-remoted(1403): ERROR: Incorrectly formated message from '192.168.0.120'.
2009/06/12 10:06:52 ossec-remoted(1403): ERROR: Incorrectly formated message from '192.168.0.120'.
2009/06/12 10:06:56 ossec-remoted(1403): ERROR: Incorrectly formated message from '192.168.0.120'.
2009/06/12 10:07:01 ossec-remoted(1403): ERROR: Incorrectly formated message from '192.168.0.120'.
2009/06/12 10:07:07 ossec-remoted(1403): ERROR: Incorrectly formated message from '192.168.0.120'.

> Do you have the development tools installed? OSSEC compiles itself at the
> end of the install script.

What development tools do I need to install? I have installed only the gcc compiler, and the Linux distro is Ubuntu 9.04.

Thank you again :))
