I am having the same issue, the email I sent yesterday doesn't seem to have been posted (grr google groups)
>I can't figure out why no agent is connecting to my server, new or old. I'd like to back up the keys DB and remake the server, and restore the keys. I do not want to generate 500+ keys by hand (again) and the bulk scripts haven't worked. Is there a way to do this, I see agents trying to contact the sever (via wireshark sniffing), but the server never reports them as connected but the requests are being seen by the server NIC. The Server is 2.3 the agents are 2.2 and 2.3. I have another 200 keys that are not in use yet, so 700 in total. I want to swap the hardware and all to eliminate any doubt about that since we had our first ossec issues on Jan-1st. -rich On Tue, May 18, 2010 at 4:44 AM, BOUTROUILLE PASCAL <[email protected]>wrote: > > > > > Hello > > > > > > I have a problem with the installation of ossec. > > After the installation i have the message « No agent available. » > > I have read the forum but i dont find the solution. Here the problem : > > > > > > /etc/init.d/ossec start > > Starting OSSEC HIDS v2.4.1 (by Trend Micro Inc.)... > > 2010/05/15 23:25:16 ossec-maild: INFO: E-Mail notification disabled. Clean > Exit. > > Started ossec-maild... > > Started ossec-execd... > > Started ossec-analysisd... > > Started ossec-logcollector... > > Started ossec-remoted... > > Started ossec-syscheckd... > > Started ossec-monitord... > > Completed. > > > > > > */var/ossec/bin/manage_agents* > > **************************************** > > * OSSEC HIDS v2.4.1 Agent manager. * > > * The following options are available: * > > **************************************** > > (A)dd an agent (A). > > (E)xtract key for an agent (E). > > (L)ist already added agents (L). > > (R)emove an agent (R). > > (Q)uit. > > Choose your action: A,E,L,R or Q: L > > > > Available agents: > > ID: 001, Name: debiantest, IP: 10.135.12.45 > > ID: 002, Name: linux13, IP: 10.135.13.8 > > ID: 003, Name: windows1, IP: 10.135.12.23 > > ID: 004, Name: local, IP: 10.135.12.45 > > > > ** Press ENTER to return to the main menu. > > > > > > /var/ossec/bin/agent_control -lc > > OSSEC HIDS agent_control. List of available agents: > > ID: 000, Name: debiantest (server), IP: 127.0.0.1, Active/Local > > > > > > /var/ossec/bin/agent_control -r -a > > 2010/05/15 23:20:29 agent_control(1210): ERROR: Queue '/queue/alerts/ar' > not accessible: 'Queue not found'. > > 2010/05/15 23:20:44 agent_control(1301): ERROR: Unable to connect to active > response queue. > > ** Unable to connect to remoted. > > > > /var/ossec/bin/list_agents -a > > ** No agent available. > > > > > > dr-xr-x--- 3 root ossec 4096 2010-05-03 05:18 active-response > > dr-xr-x--- 2 root ossec 4096 2010-05-03 05:18 agentless > > dr-xr-x--- 2 root ossec 4096 2010-05-03 05:18 bin > > dr-xr-x--- 3 root ossec 4096 2010-05-04 04:47 etc > > drwxr-x--- 5 ossec ossec 4096 2010-05-09 23:59 logs > > dr-xr-x--- 11 root ossec 4096 2010-05-03 05:18 queue > > dr-xr-x--- 5 root ossec 4096 2010-05-04 04:27 rules > > drwxr-x--- 5 ossec ossec 4096 2010-05-04 00:18 stats > > dr-xr-x--- 2 root ossec 4096 2010-05-03 05:18 tmp > > dr-xr-x--- 3 root ossec 4096 2010-05-10 00:37 var > > > > /etc/group : ossec:x:1002:www-data > > /etc/passwd : ossec:x:1001:1001::/var/ossec:/bin/false > > ossecm:x:1002:1001::/var/ossec:/bin/false > > ossecr:x:1003:1001::/var/ossec:/bin/false > > > > ps –ef : > > www-data 9796 2254 0 May09 ? 00:00:00 /usr/sbin/apache2 -k start > > www-data 9799 2254 0 May09 ? 00:00:00 /usr/sbin/apache2 -k start > > www-data 9802 2254 0 May09 ? 00:00:00 /usr/sbin/apache2 -k start > > www-data 9804 2254 0 May09 ? 00:00:00 /usr/sbin/apache2 -k start > > www-data 9807 2254 0 May09 ? 00:00:00 /usr/sbin/apache2 -k start > > www-data 10290 2254 0 May09 ? 00:00:00 /usr/sbin/apache2 -k start > > root 16867 1 0 23:25 ? 00:00:00 /var/ossec/bin/ossec-execd > > ossec 16871 1 0 23:25 ? 00:00:00 > /var/ossec/bin/ossec-analysisd > > root 16875 1 0 23:25 ? 00:00:00 > /var/ossec/bin/ossec-logcollector > > root 16884 1 2 23:25 ? 00:00:01 > /var/ossec/bin/ossec-syscheckd > > ossec 16888 1 0 23:25 ? 00:00:00 > /var/ossec/bin/ossec-monitord > > > > > > Thank you for your help >
