Re: [ossec-list] agent.conf not getting pushed to one agent

Thu, 21 Jul 2011 10:28:48 -0700 

This always seems to happen to me... right after posting this, I checked the
shared dir again and the agent.conf and ar.conf were magically there.

What did change was that I uninstalled the agent completely and reinstalled
again.

Yesterday I was having the original problem that was described and when I
came in this morning it was still in that state.




On Thu, Jul 21, 2011 at 9:58 AM, jplee3 <[email protected]> wrote:

> Hey all,
>
> What would cause agent.conf and ar.conf to *not* get copied to a
> Windows box (agent) that is Active (connected) on an OSSEC server?
>
> I've made sure that Active Response is set to <disabled>no</disabled>
> in the Windows ossec.conf. In fact, if I attempt to restart via
> agent_control, it produces this message in the ossec.log on the
> Windows box:
>
> 2011/07/21 12:53:01 ossec-execd(1311): ERROR: Invalid command name
> 'restart-ossec0' provided.
> 2011/07/21 12:53:02 ossec-agent(1103): ERROR: Unable to open file
> 'shared/ar.conf'.
> 2011/07/21 12:53:02 ossec-execd(1311): ERROR: Invalid command name
> 'restart-ossec0' provided.
> 2011/07/21 12:53:02 ossec-agent(1103): ERROR: Unable to open file
> 'shared/ar.conf'.
> 2011/07/21 12:53:02 ossec-execd(1311): ERROR: Invalid command name
> 'restart-ossec0' provided.
> 2011/07/21 12:53:03 ossec-agent(1103): ERROR: Unable to open file
> 'shared/ar.conf'.
> 2011/07/21 12:53:03 ossec-execd(1311): ERROR: Invalid command name
> 'restart-ossec0' provided.
>
> So it looks like it's communicating fine. It's just that the agent and
> ar conf files don't get copied over for some reason.
>
> I don't have this problem anywhere else. I'm wondering if it's a
> Windows permission issue (can't copy the files into the shared dir for
> some reason). This is a Win2k3 box btw. I've installed the newest 2.6
> OSSEC agent and it's talking to a 2.5.1 OSSEC server. As I alluded to
> already, this is the only box I'm having issues with. I actually
> installed the 2.6 agent on another Windows 2003 box and had no
> problems with the agent and ar conf files getting copied over to that
> one.
>
> I'm assuming *everything* is transmitted over 1514 right?
>
> I'm tempted to just copy the agent.conf and ar.conf onto this box at
> this point...
>

Reply via email to