Hello Dan, I upgraded bash ver 4.2 (Solaris 10) running OSSEC ver 2.7.1 alpha... re installed the OSSEC software... still getting same error message...
Note: key has been imported successfully to the agent..... from the master server... bash-4.2# pwd /var bash-4.2# date Tuesday, May 7, 2013 12:03:07 PM PDT bash-4.2# uname -n luke bash-4.2# /var/ossec/bin/ossec-control start Starting OSSEC HIDS v2.7.1-alpha-1 (by Trend Micro Inc.)... Deleting PID file '/var/ossec/var/run/ossec-logcollector-28976.pid' not used... Deleting PID file '/var/ossec/var/run/ossec-agentd-28972.pid' not used... ossec-execd already running... Started ossec-agentd... Started ossec-logcollector... 2013/05/07 12:03:23 ossec-syscheckd(1210): ERROR: Queue '/var/ossec/queue/ossec/queue' not accessible: 'Destination address required'. 2013/05/07 12:03:23 ossec-rootcheck(1210): ERROR: Queue '/var/ossec/queue/ossec/queue' not accessible: 'Destination address required'. 2013/05/07 12:03:31 ossec-syscheckd(1210): ERROR: Queue '/var/ossec/queue/ossec/queue' not accessible: 'Destination address required'. 2013/05/07 12:03:31 ossec-rootcheck(1210): ERROR: Queue '/var/ossec/queue/ossec/queue' not accessible: 'Destination address required'. 2013/05/07 12:03:44 ossec-syscheckd(1210): ERROR: Queue '/var/ossec/queue/ossec/queue' not accessible: 'Destination address required'. 2013/05/07 12:03:44 ossec-rootcheck(1211): ERROR: Unable to access queue: '/var/ossec/queue/ossec/queue'. Giving up.. ossec-syscheckd did not start bash-4.2# ############################################################################# bash-4.2# cat ossec.log 2013/05/07 11:54:38 ossec-execd: INFO: Started (pid: 28936). 2013/05/07 11:54:38 ossec-agentd(1402): ERROR: Authentication key file '/var/ossec/et c/client.keys' not found. 2013/05/07 11:54:38 ossec-agentd(1750): ERROR: No remote connection configured. Exiti ng. 2013/05/07 11:54:38 ossec-agentd(4109): ERROR: Unable to start without auth keys. Exi ting. 2013/05/07 12:00:32 ossec-agentd(1410): INFO: Reading authentication keys file. 2013/05/07 12:00:35 ossec-syscheckd(1210): ERROR: Queue '/var/ossec/queue/ossec/queue ' not accessible: 'Destination address required'. 2013/05/07 12:00:35 ossec-rootcheck(1210): ERROR: Queue '/var/ossec/queue/ossec/queue ' not accessible: 'Destination address required'. 2013/05/07 12:00:41 ossec-logcollector(1210): ERROR: Queue '/var/ossec/queue/ossec/qu eue' not accessible: 'Destination address required'. 2013/05/07 12:00:41 ossec-logcollector(1211): ERROR: Unable to access queue: '/var/os sec/queue/ossec/queue'. Giving up.. 2013/05/07 12:00:43 ossec-syscheckd(1210): ERROR: Queue '/var/ossec/queue/ossec/queue ' not accessible: 'Destination address required'. 2013/05/07 12:00:43 ossec-rootcheck(1210): ERROR: Queue '/var/ossec/queue/ossec/queue ' not accessible: 'Destination address required'. 2013/05/07 12:00:56 ossec-syscheckd(1210): ERROR: Queue '/var/ossec/queue/ossec/queue ' not accessible: 'Destination address required'. 2013/05/07 12:00:56 ossec-rootcheck(1211): ERROR: Unable to access queue: '/var/ossec /queue/ossec/queue'. Giving up.. 2013/05/07 12:03:20 ossec-agentd(1410): INFO: Reading authentication keys file. 2013/05/07 12:03:20 ossec-agentd: INFO: No previous counter available for 'luke.usfca .edu'. 2013/05/07 12:03:20 ossec-agentd: INFO: Assigning counter for agent luke.usfca.edu: ' 0:0'. 2013/05/07 12:03:20 ossec-agentd: INFO: No previous sender counter. 2013/05/07 12:03:20 ossec-agentd: INFO: Assigning sender counter: 0:0 2013/05/07 12:03:23 ossec-syscheckd(1210): ERROR: Queue '/var/ossec/queue/ossec/queue ' not accessible: 'Destination address required'. 2013/05/07 12:03:23 ossec-rootcheck(1210): ERROR: Queue '/var/ossec/queue/ossec/queue ' not accessible: 'Destination address required'. 2013/05/07 12:03:29 ossec-logcollector(1210): ERROR: Queue '/var/ossec/queue/ossec/qu eue' not accessible: 'Destination address required'. 2013/05/07 12:03:29 ossec-logcollector(1211): ERROR: Unable to access queue: '/var/os sec/queue/ossec/queue'. Giving up.. 2013/05/07 12:03:31 ossec-syscheckd(1210): ERROR: Queue '/var/ossec/queue/ossec/queue ' not accessible: 'Destination address required'. 2013/05/07 12:03:31 ossec-rootcheck(1210): ERROR: Queue '/var/ossec/queue/ossec/queue ' not accessible: 'Destination address required'. 2013/05/07 12:03:44 ossec-syscheckd(1210): ERROR: Queue '/var/ossec/queue/ossec/queue ' not accessible: 'Destination address required'. 2013/05/07 12:03:44 ossec-rootcheck(1211): ERROR: Unable to access queue: '/var/ossec /queue/ossec/queue'. Giving up.. bash-4.2# On Tue, May 7, 2013 at 3:29 AM, dan (ddp) <[email protected]> wrote: > Make sure the server-ip made it into the ossec.conf > On May 6, 2013 8:14 PM, "David Juarez" <[email protected]> wrote: > >> Hi Dan, >> >> Many Thanks for your quick response.. I have installed OSSEC HIDS >> v2.7.1-alpha-1 (by Trend Micro Inc.)..., so far installation did not >> complained. I was able to register the agent (Sol10) on the master/server >> ... imported the certificate key on the agent, but when attempting to start >> OSSEC I received the error messages below.. >> >> any suggestions? I am doing a research as well.. >> Thanks again !!! >> >> Kind regards, >> D.J. >> >> >> bash-3.00# ./ossec-control start >> Starting OSSEC HIDS v2.7.1-alpha-1 (by Trend Micro Inc.)... >> ossec-execd already running... >> Started ossec-agentd... >> Started ossec-logcollector... >> 2013/05/06 14:24:57 ossec-syscheckd(1210): ERROR: Queue >> '/var/ossec/queue/ossec/queue' not accessible: 'Destination address >> required'. >> 2013/05/06 14:24:57 ossec-rootcheck(1210): ERROR: Queue >> '/var/ossec/queue/ossec/queue' not accessible: 'Destination address >> required'. >> 2013/05/06 14:25:05 ossec-syscheckd(1210): ERROR: Queue >> '/var/ossec/queue/ossec/queue' not accessible: 'Destination address >> required'. >> 2013/05/06 14:25:05 ossec-rootcheck(1210): ERROR: Queue >> '/var/ossec/queue/ossec/queue' not accessible: 'Destination address >> required'. >> 2013/05/06 14:25:18 ossec-syscheckd(1210): ERROR: Queue >> '/var/ossec/queue/ossec/queue' not accessible: 'Destination address >> required'. >> 2013/05/06 14:25:18 ossec-rootcheck(1211): ERROR: Unable to access queue: >> '/var/ossec/queue/ossec/queue'. Giving up.. >> ossec-syscheckd did not start >> >> >> >> On Mon, May 6, 2013 at 1:43 PM, dan (ddp) <[email protected]> wrote: >> >>> Either use bash or try the 2.7.1 alpha. The Solaris shell is ancient. >>> On May 6, 2013 2:39 PM, "David Juarez" <[email protected]> wrote: >>> >>>> Hello All - >>>> >>>> >>>> I am attempting a fresh install of OSSEC HIDS v2.7 in sol 10. I >>>> received the following error message.. >>>> >>>> "./install.sh: syntax error at line 142: `$' unexpected" >>>> >>>> any idea? >>>> I was able to install it successfully on RHEL v6.3.. >>>> >>>> Any recommendations are greatly appreciated it. >>>> >>>> Thanks. >>>> >>>> Regards, >>>> David Juarez >>>> >>>> -- >>>> >>>> --- >>>> You received this message because you are subscribed to the Google >>>> Groups "ossec-list" group. >>>> To unsubscribe from this group and stop receiving emails from it, send >>>> an email to [email protected]. >>>> For more options, visit https://groups.google.com/groups/opt_out. >>>> >>>> >>>> >>> -- >>> >>> --- >>> You received this message because you are subscribed to the Google >>> Groups "ossec-list" group. >>> To unsubscribe from this group and stop receiving emails from it, send >>> an email to [email protected]. >>> For more options, visit https://groups.google.com/groups/opt_out. >>> >>> >>> >> >> -- >> >> --- >> You received this message because you are subscribed to the Google Groups >> "ossec-list" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected]. >> For more options, visit https://groups.google.com/groups/opt_out. >> >> >> > -- > > --- > You received this message because you are subscribed to the Google Groups > "ossec-list" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > For more options, visit https://groups.google.com/groups/opt_out. > > > -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/groups/opt_out.
