Hi all,

As I explained in another email, I need to set up centralized agent configuration for my OSSEC client. With one OSSEC client that I had previously installed without configuring this feature the first time, everything works OK, but with a newly installed OSSEC client, ossec-syscheckd crashes.

 Error:

Starting OSSEC HIDS v2.5.1 (by Trend Micro Inc.)...
Started ossec-execd...
ossec-agentd already running...
ossec-logcollector already running...
2011/02/24 17:14:40 ossec-syscheckd(1702): INFO: No directory provided for syscheck to monitor.
/var/ossec/bin/ossec-control: line 138: 11552 Segmentation fault      ${DIR}/bin/${i}

 The ossec.conf for this new agent is:

<ossec_config>
  <client>
    <server-ip>172.17.47.27</server-ip>
    <server-ip>172.17.47.28</server-ip>
    <port>55111</port>
  </client>

  <active-response>
    <disabled>yes</disabled>
  </active-response>
</ossec_config>

 This is the same config file as on another client that works. On the server side:

[root@ossecsrv02 ~]# /opt/ossec/bin/agent_control -i 002

OSSEC HIDS agent_control. Agent information:
   Agent ID:   002
   Agent Name: rhelclunode01
   IP address: 172.25.50.14
   Status:     Active

   Operating system:    Linux imladris.hpulabs.org 2.6.32-71.14.1.el6.x86_64..
   Client version:      OSSEC HIDS v2.5.1 / fe733799af75bad0d08c5e031be22c77
   Last keep alive:     Thu Feb 24 17:11:33 2011

   Syscheck last started  at: Unknown
   Rootcheck last started at: Unknown

That seems correct, as the md5sum command shows:

[root@ossecsrv02 ~]# md5sum /opt/ossec/etc/shared/agent.conf
fe733799af75bad0d08c5e031be22c77  /opt/ossec/etc/shared/agent.conf

And last, ossec.log from the client:

2011/02/24 17:11:17 ossec-logcollector: INFO: Started (pid: 8043).
2011/02/24 17:11:32 ossec-agentd: INFO: Unable to connect to the active response queue (disabled).
2011/02/24 17:11:33 ossec-agentd(4102): INFO: Connected to the server (172.17.47.27:55111).
2011/02/24 17:14:40 ossec-execd(1350): INFO: Active response disabled. Exiting.
2011/02/24 17:14:40 ossec-syscheckd(1702): INFO: No directory provided for syscheck to monitor.

Thanks.
--
CL Martinez
carlopmart {at} gmail {d0t} com
