sure - I have multiple ip addresses on one server with different websites
running on each of the ip addresses.
-----Original Message-----
From: dan (ddp)
Sent: Sunday, January 08, 2012 11:05 PM
To: [email protected]
Subject: Re: [ossec-list] multiple agents on a single server
On Sun, Jan 8, 2012 at 9:49 PM, Jeff Jennings
<[email protected]> wrote:
I ran across these instructions on how to install multiple agents on a
single server since I need to monitor multiple IP’s
http://www.immutablesecurity.com/index.php/2010/10/22/2woo-day-6-running-multiple-instances-on-one-box/comment-page-1/#comment-1043
I posted my problem in the comment area on this guy’s page but I guess he
did not like the question and deleted my comment.
In any event – his page refers to the following:
Now, go into the <remote> section of ossec.conf in each remote instance
and
configure the <local_ip> option to point to the correct IP. Make sure each
instance points to a unique IP.
I can’t find any section in the ossec-conf file on my agent servers to
place
what is referred to above.
ANY IDEAS?
I think the <remote> section is only available on the manager.
I don't understand why you're installing multiple copies on a single
agent though, your explanation made no sense. Any chance you could
elaborate?
In addition his instructions go on to supply a startup script which fails
as
follows, but I think it’s failing because the additional instances on the
agents are not bound to specific Ip addresses.
Can anyone give me some help here>
ossec-agentd not running...
ossec-execd not running...
[root@marine init.d]# ./ossec.sh start
Starting OSSEC at /var/ossec6: 2012/01/08 17:44:33 ossec-syscheckd(1702):
INFO: No directory provided for syscheck to monitor.
^^^^
syscheck isn't configured?
/var/ossec6/bin/ossec-control: line 138: 8627 Segmentation fault
Not being configured shouldn't cause a segfault in syscheck. What
version are you using?
${DIR}/bin/${i}
[FAILED]
Starting OSSEC at /var/ossec: [ OK ]
Starting OSSEC at /var/ossec2: 2012/01/08 17:44:35 ossec-syscheckd(1702):
INFO: No directory provided for syscheck to monitor.
/var/ossec2/bin/ossec-control: line 138: 8691 Segmentation fault
${DIR}/bin/${i}
[FAILED]
Starting OSSEC at /var/ossec3: 2012/01/08 17:44:35 ossec-syscheckd(1702):
INFO: No directory provided for syscheck to monitor.
/var/ossec3/bin/ossec-control: line 138: 8720 Segmentation fault
${DIR}/bin/${i}
[FAILED]
Starting OSSEC at /var/ossec4: 2012/01/08 17:44:36 ossec-syscheckd(1702):
INFO: No directory provided for syscheck to monitor.
/var/ossec4/bin/ossec-control: line 138: 8749 Segmentation fault
${DIR}/bin/${i}
[FAILED]
Starting OSSEC at /var/ossec5: 2012/01/08 17:44:36 ossec-syscheckd(1702):
INFO: No directory provided for syscheck to monitor.
/var/ossec5/bin/ossec-control: line 138: 8778 Segmentation fault
${DIR}/bin/${i}
[FAILED]
Starting OSSEC at /var/ossec6: 2012/01/08 17:44:36 ossec-syscheckd(1702):
INFO: No directory provided for syscheck to monitor.
/var/ossec6/bin/ossec-control: line 138: 8813 Segmentation fault
${DIR}/bin/${i}
[FAILED]
[root@marine init.d]#
