On Tue, May 7, 2013 at 3:02 PM, David Juarez <[email protected]> wrote: > Hello Dan, > > I upgraded bash ver 4.2 (Solaris 10) running OSSEC ver 2.7.1 alpha... re > installed the OSSEC software... still getting same error message... >
When you run "bash ./install.sh" you get the same error you did before when using the solaris shell? Did you try 2.7.1? > Note: key has been imported successfully to the agent..... from the master > server... > > > > bash-4.2# pwd > /var > bash-4.2# date > Tuesday, May 7, 2013 12:03:07 PM PDT > bash-4.2# uname -n > luke > bash-4.2# /var/ossec/bin/ossec-control start > Starting OSSEC HIDS v2.7.1-alpha-1 (by Trend Micro Inc.)... > Deleting PID file '/var/ossec/var/run/ossec-logcollector-28976.pid' not > used... > Deleting PID file '/var/ossec/var/run/ossec-agentd-28972.pid' not used... > ossec-execd already running... > Started ossec-agentd... > Started ossec-logcollector... > 2013/05/07 12:03:23 ossec-syscheckd(1210): ERROR: Queue > '/var/ossec/queue/ossec/queue' not accessible: 'Destination address > required'. > 2013/05/07 12:03:23 ossec-rootcheck(1210): ERROR: Queue > '/var/ossec/queue/ossec/queue' not accessible: 'Destination address > required'. > 2013/05/07 12:03:31 ossec-syscheckd(1210): ERROR: Queue > '/var/ossec/queue/ossec/queue' not accessible: 'Destination address > required'. > 2013/05/07 12:03:31 ossec-rootcheck(1210): ERROR: Queue > '/var/ossec/queue/ossec/queue' not accessible: 'Destination address > required'. > 2013/05/07 12:03:44 ossec-syscheckd(1210): ERROR: Queue > '/var/ossec/queue/ossec/queue' not accessible: 'Destination address > required'. > 2013/05/07 12:03:44 ossec-rootcheck(1211): ERROR: Unable to access queue: > '/var/ossec/queue/ossec/queue'. Giving up.. > ossec-syscheckd did not start > bash-4.2# > > > ############################################################################# > > > > bash-4.2# cat ossec.log > 2013/05/07 11:54:38 ossec-execd: INFO: Started (pid: 28936). > 2013/05/07 11:54:38 ossec-agentd(1402): ERROR: Authentication key file > '/var/ossec/et c/client.keys' not found. > 2013/05/07 11:54:38 ossec-agentd(1750): ERROR: No remote connection > configured. Exiti ng. > 2013/05/07 11:54:38 ossec-agentd(4109): ERROR: Unable to start without auth > keys. Exi ting. > 2013/05/07 12:00:32 ossec-agentd(1410): INFO: Reading authentication keys > file. > 2013/05/07 12:00:35 ossec-syscheckd(1210): ERROR: Queue > '/var/ossec/queue/ossec/queue ' not accessible: 'Destination address > required'. > 2013/05/07 12:00:35 ossec-rootcheck(1210): ERROR: Queue > '/var/ossec/queue/ossec/queue ' not accessible: 'Destination address > required'. > 2013/05/07 12:00:41 ossec-logcollector(1210): ERROR: Queue > '/var/ossec/queue/ossec/qu eue' not accessible: 'Destination address > required'. > 2013/05/07 12:00:41 ossec-logcollector(1211): ERROR: Unable to access queue: > '/var/os sec/queue/ossec/queue'. Giving up.. > 2013/05/07 12:00:43 ossec-syscheckd(1210): ERROR: Queue > '/var/ossec/queue/ossec/queue ' not accessible: 'Destination address > required'. > 2013/05/07 12:00:43 ossec-rootcheck(1210): ERROR: Queue > '/var/ossec/queue/ossec/queue ' not accessible: 'Destination address > required'. > 2013/05/07 12:00:56 ossec-syscheckd(1210): ERROR: Queue > '/var/ossec/queue/ossec/queue ' not accessible: 'Destination address > required'. > 2013/05/07 12:00:56 ossec-rootcheck(1211): ERROR: Unable to access queue: > '/var/ossec /queue/ossec/queue'. Giving up.. > 2013/05/07 12:03:20 ossec-agentd(1410): INFO: Reading authentication keys > file. > 2013/05/07 12:03:20 ossec-agentd: INFO: No previous counter available for > 'luke.usfca .edu'. > 2013/05/07 12:03:20 ossec-agentd: INFO: Assigning counter for agent > luke.usfca.edu: ' 0:0'. > 2013/05/07 12:03:20 ossec-agentd: INFO: No previous sender counter. > 2013/05/07 12:03:20 ossec-agentd: INFO: Assigning sender counter: 0:0 > 2013/05/07 12:03:23 ossec-syscheckd(1210): ERROR: Queue > '/var/ossec/queue/ossec/queue ' not accessible: 'Destination address > required'. > 2013/05/07 12:03:23 ossec-rootcheck(1210): ERROR: Queue > '/var/ossec/queue/ossec/queue ' not accessible: 'Destination address > required'. > 2013/05/07 12:03:29 ossec-logcollector(1210): ERROR: Queue > '/var/ossec/queue/ossec/qu eue' not accessible: 'Destination address > required'. > 2013/05/07 12:03:29 ossec-logcollector(1211): ERROR: Unable to access queue: > '/var/os sec/queue/ossec/queue'. Giving up.. > 2013/05/07 12:03:31 ossec-syscheckd(1210): ERROR: Queue > '/var/ossec/queue/ossec/queue ' not accessible: 'Destination address > required'. > 2013/05/07 12:03:31 ossec-rootcheck(1210): ERROR: Queue > '/var/ossec/queue/ossec/queue ' not accessible: 'Destination address > required'. > 2013/05/07 12:03:44 ossec-syscheckd(1210): ERROR: Queue > '/var/ossec/queue/ossec/queue ' not accessible: 'Destination address > required'. > 2013/05/07 12:03:44 ossec-rootcheck(1211): ERROR: Unable to access queue: > '/var/ossec /queue/ossec/queue'. Giving up.. > bash-4.2# > > Does the server-ip exist in the agent' ossec.conf? > > > > > > > > > > > > On Tue, May 7, 2013 at 3:29 AM, dan (ddp) <[email protected]> wrote: >> >> Make sure the server-ip made it into the ossec.conf >> >> On May 6, 2013 8:14 PM, "David Juarez" <[email protected]> wrote: >>> >>> Hi Dan, >>> >>> Many Thanks for your quick response.. I have installed OSSEC HIDS >>> v2.7.1-alpha-1 (by Trend Micro Inc.)..., so far installation did not >>> complained. I was able to register the agent (Sol10) on the master/server >>> ... imported the certificate key on the agent, but when attempting to start >>> OSSEC I received the error messages below.. >>> >>> any suggestions? I am doing a research as well.. >>> Thanks again !!! >>> >>> Kind regards, >>> D.J. >>> >>> >>> bash-3.00# ./ossec-control start >>> Starting OSSEC HIDS v2.7.1-alpha-1 (by Trend Micro Inc.)... >>> ossec-execd already running... >>> Started ossec-agentd... >>> Started ossec-logcollector... >>> 2013/05/06 14:24:57 ossec-syscheckd(1210): ERROR: Queue >>> '/var/ossec/queue/ossec/queue' not accessible: 'Destination address >>> required'. >>> 2013/05/06 14:24:57 ossec-rootcheck(1210): ERROR: Queue >>> '/var/ossec/queue/ossec/queue' not accessible: 'Destination address >>> required'. >>> 2013/05/06 14:25:05 ossec-syscheckd(1210): ERROR: Queue >>> '/var/ossec/queue/ossec/queue' not accessible: 'Destination address >>> required'. >>> 2013/05/06 14:25:05 ossec-rootcheck(1210): ERROR: Queue >>> '/var/ossec/queue/ossec/queue' not accessible: 'Destination address >>> required'. >>> 2013/05/06 14:25:18 ossec-syscheckd(1210): ERROR: Queue >>> '/var/ossec/queue/ossec/queue' not accessible: 'Destination address >>> required'. >>> 2013/05/06 14:25:18 ossec-rootcheck(1211): ERROR: Unable to access queue: >>> '/var/ossec/queue/ossec/queue'. Giving up.. >>> ossec-syscheckd did not start >>> >>> >>> >>> On Mon, May 6, 2013 at 1:43 PM, dan (ddp) <[email protected]> wrote: >>>> >>>> Either use bash or try the 2.7.1 alpha. The Solaris shell is ancient. >>>> >>>> On May 6, 2013 2:39 PM, "David Juarez" <[email protected]> wrote: >>>>> >>>>> Hello All - >>>>> >>>>> >>>>> I am attempting a fresh install of OSSEC HIDS v2.7 in sol 10. I >>>>> received the following error message.. >>>>> >>>>> "./install.sh: syntax error at line 142: `$' unexpected" >>>>> >>>>> any idea? >>>>> I was able to install it successfully on RHEL v6.3.. >>>>> >>>>> Any recommendations are greatly appreciated it. >>>>> >>>>> Thanks. >>>>> >>>>> Regards, >>>>> David Juarez >>>>> >>>>> -- >>>>> >>>>> --- >>>>> You received this message because you are subscribed to the Google >>>>> Groups "ossec-list" group. >>>>> To unsubscribe from this group and stop receiving emails from it, send >>>>> an email to [email protected]. >>>>> For more options, visit https://groups.google.com/groups/opt_out. >>>>> >>>>> >>>> >>>> -- >>>> >>>> --- >>>> You received this message because you are subscribed to the Google >>>> Groups "ossec-list" group. >>>> To unsubscribe from this group and stop receiving emails from it, send >>>> an email to [email protected]. >>>> For more options, visit https://groups.google.com/groups/opt_out. >>>> >>>> >>> >>> >>> -- >>> >>> --- >>> You received this message because you are subscribed to the Google Groups >>> "ossec-list" group. >>> To unsubscribe from this group and stop receiving emails from it, send an >>> email to [email protected]. >>> For more options, visit https://groups.google.com/groups/opt_out. >>> >>> >> >> -- >> >> --- >> You received this message because you are subscribed to the Google Groups >> "ossec-list" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected]. >> For more options, visit https://groups.google.com/groups/opt_out. >> >> > > > -- > > --- > You received this message because you are subscribed to the Google Groups > "ossec-list" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > For more options, visit https://groups.google.com/groups/opt_out. > > -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/groups/opt_out.
