Nathan Grandbois wrote:
> Gentlemen,
> 
> I'm running into an issue with the syscheck_control command. When I 
> issue syscheck_control -i 001/002/003/004 etc, all of the responses list 
> my agents as having the same IP address. I'm relatively new to this, so 
> if there's a troubleshooting step I missed, please let me know so I can 
> help myself better in the future.
> 
> r...@crumble-105:/var/ossec/bin# ./syscheck_control -i 001
> 
> Integrity changes for agent 'shatter_107 (001) - 172.x.x.107':
> 
> ** No entries found.
> r...@crumble-105:/var/ossec/bin# ./syscheck_control -i 002
> 
> Integrity changes for agent 'terror_108 (002) - 172.x.x.107':
> 
> ** No entries found.
> r...@crumble-105:/var/ossec/bin# ./syscheck_control -i 003
> 
> Integrity changes for agent 'chaos_111 (003) - 172.x.x.107':
> 
> ** No entries found.
> r...@crumble-105:/var/ossec/bin# ./syscheck_control -i 004
> 
> Integrity changes for agent 'minion_112 (004) - 172.x.x.107':
> 
> ** No entries found.
> 
> If I run the syscheck_control update utility, it says it updates the 
> database, but does not update the IP address of the ID.
> 

<SNIP>
Here's some additional information:

****************************************
* OSSEC HIDS v2.1 Agent manager. *
* The following options are available: *
****************************************
(A)dd an agent (A).
(E)xtract key for an agent (E).
(L)ist already added agents (L).
(R)emove an agent (R).
(Q)uit.
Choose your action: A,E,L,R or Q: l

Available agents:
ID: 001, Name: shatter_107, IP: 172.23.17.107
ID: 002, Name: terror_108, IP: 172.23.17.108
ID: 003, Name: chaos_111, IP: 172.23.17.111
ID: 004, Name: minion_112, IP: 172.23.17.112

** Press ENTER to return to the main menu.

manage_agents thinks the IPs are different.

The client.keys file on the server contains the correct entries for the 
client.keys file on the agents.

The server is running Ubuntu, Linux crumble-105 2.6.22-15-generic #1 SMP 
Fri Jul 11 19:25:33 UTC 2008 i686 GNU/Linux

Clients are the same, Linux terror 2.6.22-15-generic #1 SMP Wed Aug 20 
18:39:13 UTC 2008 i686 GNU/Linux


> 
> ossec.log file attached.
> 
> Thanks a lot.
> 


-- 
_______________________________________________________________________
Nathan Grandbois, CISSP           [email protected]
Security Analyst                  (614) 351-1237 x 212
PGP Key Available by Request
MicroSolved is security expertise you can trust!

HoneyPoint Security Server
Attackers get stung, instead of you!
http://www.microsolved.com/honeypoint


