OSSEC srv: v2.0
OSSEC clt: 2.5.1

I simply added this line to my ossec-agent.conf:

<system_audit>/var/ossec/etc/shared/cis_rhel5_linux_rcl.txt</system_audit>

Also, I restarted the OSSEC processes on the manager side after adding the new agents. That way agent-control -l or -i id on the manager side shows me the whole info about the client.

So the only problem left is this: ossec-logcollector: socketerr (not available).
Any advice? Thanks.

2011/2/23 dan (ddp) <[email protected]>:
> Hi Gytis,
>
> On Wed, Feb 23, 2011 at 9:42 AM, Gytis Šukys <[email protected]> wrote:
>> http://pkgs.org/
>>
>> Btw. solved that problem, but now have another:
>>
>
> For the archives, how did you solve the problem?
>
> Which version of OSSEC?
> Did you restart the OSSEC processes on the manager after adding the agent?
>
>> 2011/02/23 15:40:45 ossec-agentd(1218): ERROR: Unable to send message to server.
>> 2011/02/23 15:40:45 ossec-logcollector: socketerr (not available).
>> 2011/02/23 15:40:46 ossec-agentd: WARN: Server unavailable. Setting lock.
>> 2011/02/23 15:40:56 ossec-agentd(1218): ERROR: Unable to send message to server.
>> 2011/02/23 15:41:08 ossec-agentd(1218): ERROR: Unable to send message to server.
>> 2011/02/23 15:41:09 ossec-agentd(4101): WARN: Waiting for server reply (not started). Tried: 'X'.
>> 2011/02/23 15:41:11 ossec-agentd: INFO: Trying to connect to server (X).
>> 2011/02/23 15:41:21 ossec-agentd(1218): ERROR: Unable to send message to server.
>>
>> netstat -an | grep 1514 shows that connection is established.
>>
>
> Use tcpdump on the manager to see if the packets are making it to the manager.
> Check the logs on the manager for any entries about this agent.
>
> dan
>
