Hi Gytis, 2011/2/23 Gytis Šukys <[email protected]>: > OSSEC srv: v2.0 > OSSEC clt: 2.5.1 > > I simply added this line to my ossec-agent.conf: > <system_audit>/var/ossec/etc/shared/cis_rhel5_linux_rcl.txt</system_audit> > Also, restarted OSSEC processes at manager side after added new agents. > That way agent-control -l or -i id on manager side shows me whole info > about the client. > > So the only problem left is this: ossec-logcollector: socketerr (not > available). > > Any advices? Thanks. >
Can you update the manager to 2.5.1? Running an older version on the manager than on the clients is not recommended. Other than that, I just the same questions I asked in my last email: >> Use tcpdump on the manager to see if the packets are making it to the >> manager. >> Check the logs on the manager for any entries about this agent. > 2011/2/23 dan (ddp) <[email protected]>: >> Hi Gytis, >> >> On Wed, Feb 23, 2011 at 9:42 AM, Gytis Šukys <[email protected]> wrote: >>> http://pkgs.org/ >>> >>> Btw. solved that problem, but now have another: >>> >> >> For the archives, how did you solve the problem? >> >> Which version of OSSEC? >> Did you restart the OSSEC processes on the manager after adding the agent? >> >>> 2011/02/23 15:40:45 ossec-agentd(1218): ERROR: Unable to send message >>> to server. >>> 2011/02/23 15:40:45 ossec-logcollector: socketerr (not available). >>> 2011/02/23 15:40:46 ossec-agentd: WARN: Server unavailable. Setting >>> lock. >>> 2011/02/23 15:40:56 ossec-agentd(1218): ERROR: Unable to send message >>> to server. >>> 2011/02/23 15:41:08 ossec-agentd(1218): ERROR: Unable to send message >>> to server. >>> 2011/02/23 15:41:09 ossec-agentd(4101): WARN: Waiting for server reply >>> (not started). Tried: 'X'. >>> 2011/02/23 15:41:11 ossec-agentd: INFO: Trying to connect to server >>> (X). >>> 2011/02/23 15:41:21 ossec-agentd(1218): ERROR: Unable to send message to >>> server. >>> >>> netstat -an | grep 1514 shows that connection is established. >>> >> >> Use tcpdump on the manager to see if the packets are making it to the >> manager. >> Check the logs on the manager for any entries about this agent. >> >> dan >> >
