Hi Dan, I executed ./install.sh from where the install script is found. I noticed this error message from the logs.. very interesting...
bash-4.2# cat ossec.log
2013/05/07 11:54:38 ossec-execd: INFO: Started (pid: 28936).
2013/05/07 11:54:38 ossec-agentd(1402): ERROR: Authentication key file '/var/ossec/etc/client.keys' not found.

However !!

/var/ossec/etc
bash-4.2# ls -l client.keys
-r--r----- 1 root ossec 98 May 7 12:00 client.keys
bash-4.2#

On Tue, May 7, 2013 at 12:05 PM, dan (ddp) <[email protected]> wrote:
> On Tue, May 7, 2013 at 3:02 PM, David Juarez <[email protected]> wrote:
> > Hello Dan,
> >
> > I upgraded bash ver 4.2 (Solaris 10) running OSSEC ver 2.7.1 alpha... re
> > installed the OSSEC software... still getting same error message...
> >
>
> When you run "bash ./install.sh" you get the same error you did before
> when using the solaris shell?
> Did you try 2.7.1?
>
> > Note: key has been imported successfully to the agent..... from the master
> > server...
> >
> > bash-4.2# pwd
> > /var
> > bash-4.2# date
> > Tuesday, May 7, 2013 12:03:07 PM PDT
> > bash-4.2# uname -n
> > luke
> > bash-4.2# /var/ossec/bin/ossec-control start
> > Starting OSSEC HIDS v2.7.1-alpha-1 (by Trend Micro Inc.)...
> > Deleting PID file '/var/ossec/var/run/ossec-logcollector-28976.pid' not used...
> > Deleting PID file '/var/ossec/var/run/ossec-agentd-28972.pid' not used...
> > ossec-execd already running...
> > Started ossec-agentd...
> > Started ossec-logcollector...
> > 2013/05/07 12:03:23 ossec-syscheckd(1210): ERROR: Queue '/var/ossec/queue/ossec/queue' not accessible: 'Destination address required'.
> > 2013/05/07 12:03:23 ossec-rootcheck(1210): ERROR: Queue '/var/ossec/queue/ossec/queue' not accessible: 'Destination address required'.
> > 2013/05/07 12:03:31 ossec-syscheckd(1210): ERROR: Queue '/var/ossec/queue/ossec/queue' not accessible: 'Destination address required'.
> > 2013/05/07 12:03:31 ossec-rootcheck(1210): ERROR: Queue '/var/ossec/queue/ossec/queue' not accessible: 'Destination address required'.
> > 2013/05/07 12:03:44 ossec-syscheckd(1210): ERROR: Queue '/var/ossec/queue/ossec/queue' not accessible: 'Destination address required'.
> > 2013/05/07 12:03:44 ossec-rootcheck(1211): ERROR: Unable to access queue: '/var/ossec/queue/ossec/queue'. Giving up..
> > ossec-syscheckd did not start
> > bash-4.2#
> >
> > #############################################################################
> >
> > bash-4.2# cat ossec.log
> > 2013/05/07 11:54:38 ossec-execd: INFO: Started (pid: 28936).
> > 2013/05/07 11:54:38 ossec-agentd(1402): ERROR: Authentication key file '/var/ossec/etc/client.keys' not found.
> > 2013/05/07 11:54:38 ossec-agentd(1750): ERROR: No remote connection configured. Exiting.
> > 2013/05/07 11:54:38 ossec-agentd(4109): ERROR: Unable to start without auth keys. Exiting.
> > 2013/05/07 12:00:32 ossec-agentd(1410): INFO: Reading authentication keys file.
> > 2013/05/07 12:00:35 ossec-syscheckd(1210): ERROR: Queue '/var/ossec/queue/ossec/queue' not accessible: 'Destination address required'.
> > 2013/05/07 12:00:35 ossec-rootcheck(1210): ERROR: Queue '/var/ossec/queue/ossec/queue' not accessible: 'Destination address required'.
> > 2013/05/07 12:00:41 ossec-logcollector(1210): ERROR: Queue '/var/ossec/queue/ossec/queue' not accessible: 'Destination address required'.
> > 2013/05/07 12:00:41 ossec-logcollector(1211): ERROR: Unable to access queue: '/var/ossec/queue/ossec/queue'. Giving up..
> > 2013/05/07 12:00:43 ossec-syscheckd(1210): ERROR: Queue '/var/ossec/queue/ossec/queue' not accessible: 'Destination address required'.
> > 2013/05/07 12:00:43 ossec-rootcheck(1210): ERROR: Queue '/var/ossec/queue/ossec/queue' not accessible: 'Destination address required'.
> > 2013/05/07 12:00:56 ossec-syscheckd(1210): ERROR: Queue '/var/ossec/queue/ossec/queue' not accessible: 'Destination address required'.
> > 2013/05/07 12:00:56 ossec-rootcheck(1211): ERROR: Unable to access queue: '/var/ossec/queue/ossec/queue'. Giving up..
> > 2013/05/07 12:03:20 ossec-agentd(1410): INFO: Reading authentication keys file.
> > 2013/05/07 12:03:20 ossec-agentd: INFO: No previous counter available for 'luke.usfca.edu'.
> > 2013/05/07 12:03:20 ossec-agentd: INFO: Assigning counter for agent luke.usfca.edu: '0:0'.
> > 2013/05/07 12:03:20 ossec-agentd: INFO: No previous sender counter.
> > 2013/05/07 12:03:20 ossec-agentd: INFO: Assigning sender counter: 0:0
> > 2013/05/07 12:03:23 ossec-syscheckd(1210): ERROR: Queue '/var/ossec/queue/ossec/queue' not accessible: 'Destination address required'.
> > 2013/05/07 12:03:23 ossec-rootcheck(1210): ERROR: Queue '/var/ossec/queue/ossec/queue' not accessible: 'Destination address required'.
> > 2013/05/07 12:03:29 ossec-logcollector(1210): ERROR: Queue '/var/ossec/queue/ossec/queue' not accessible: 'Destination address required'.
> > 2013/05/07 12:03:29 ossec-logcollector(1211): ERROR: Unable to access queue: '/var/ossec/queue/ossec/queue'. Giving up..
> > 2013/05/07 12:03:31 ossec-syscheckd(1210): ERROR: Queue '/var/ossec/queue/ossec/queue' not accessible: 'Destination address required'.
> > 2013/05/07 12:03:31 ossec-rootcheck(1210): ERROR: Queue '/var/ossec/queue/ossec/queue' not accessible: 'Destination address required'.
> > 2013/05/07 12:03:44 ossec-syscheckd(1210): ERROR: Queue '/var/ossec/queue/ossec/queue' not accessible: 'Destination address required'.
> > 2013/05/07 12:03:44 ossec-rootcheck(1211): ERROR: Unable to access queue: '/var/ossec/queue/ossec/queue'. Giving up..
> > bash-4.2#
> >
>
> Does the server-ip exist in the agent's ossec.conf?
>
> > On Tue, May 7, 2013 at 3:29 AM, dan (ddp) <[email protected]> wrote:
> >>
> >> Make sure the server-ip made it into the ossec.conf
> >>
> >> On May 6, 2013 8:14 PM, "David Juarez" <[email protected]> wrote:
> >>>
> >>> Hi Dan,
> >>>
> >>> Many Thanks for your quick response.. I have installed OSSEC HIDS
> >>> v2.7.1-alpha-1 (by Trend Micro Inc.)..., so far installation did not
> >>> complain. I was able to register the agent (Sol10) on the master/server
> >>> ... imported the certificate key on the agent, but when attempting to start
> >>> OSSEC I received the error messages below..
> >>>
> >>> any suggestions? I am doing research as well..
> >>> Thanks again !!!
> >>>
> >>> Kind regards,
> >>> D.J.
> >>>
> >>> bash-3.00# ./ossec-control start
> >>> Starting OSSEC HIDS v2.7.1-alpha-1 (by Trend Micro Inc.)...
> >>> ossec-execd already running...
> >>> Started ossec-agentd...
> >>> Started ossec-logcollector...
> >>> 2013/05/06 14:24:57 ossec-syscheckd(1210): ERROR: Queue '/var/ossec/queue/ossec/queue' not accessible: 'Destination address required'.
> >>> 2013/05/06 14:24:57 ossec-rootcheck(1210): ERROR: Queue '/var/ossec/queue/ossec/queue' not accessible: 'Destination address required'.
> >>> 2013/05/06 14:25:05 ossec-syscheckd(1210): ERROR: Queue '/var/ossec/queue/ossec/queue' not accessible: 'Destination address required'.
> >>> 2013/05/06 14:25:05 ossec-rootcheck(1210): ERROR: Queue '/var/ossec/queue/ossec/queue' not accessible: 'Destination address required'.
> >>> 2013/05/06 14:25:18 ossec-syscheckd(1210): ERROR: Queue '/var/ossec/queue/ossec/queue' not accessible: 'Destination address required'.
> >>> 2013/05/06 14:25:18 ossec-rootcheck(1211): ERROR: Unable to access queue: '/var/ossec/queue/ossec/queue'. Giving up..
> >>> ossec-syscheckd did not start
> >>>
> >>> On Mon, May 6, 2013 at 1:43 PM, dan (ddp) <[email protected]> wrote:
> >>>>
> >>>> Either use bash or try the 2.7.1 alpha. The Solaris shell is ancient.
> >>>>
> >>>> On May 6, 2013 2:39 PM, "David Juarez" <[email protected]> wrote:
> >>>>>
> >>>>> Hello All -
> >>>>>
> >>>>> I am attempting a fresh install of OSSEC HIDS v2.7 in sol 10. I
> >>>>> received the following error message..
> >>>>>
> >>>>> "./install.sh: syntax error at line 142: `$' unexpected"
> >>>>>
> >>>>> any idea?
> >>>>> I was able to install it successfully on RHEL v6.3..
> >>>>>
> >>>>> Any recommendations are greatly appreciated.
> >>>>>
> >>>>> Thanks.
> >>>>>
> >>>>> Regards,
> >>>>> David Juarez
> >>>>>
> >>>>> --
> >>>>>
> >>>>> ---
> >>>>> You received this message because you are subscribed to the Google
> >>>>> Groups "ossec-list" group.
> >>>>> To unsubscribe from this group and stop receiving emails from it, send
> >>>>> an email to [email protected].
> >>>>> For more options, visit https://groups.google.com/groups/opt_out.
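
The two checks raised in the thread (whether a server address made it into the agent's ossec.conf, and which daemon logged the first error), as an added shell example that is not part of the original messages or of OSSEC itself. The sample files are constructed from the log lines quoted above, 192.0.2.10 is a placeholder address, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: sample files are constructed from the log lines quoted in the thread.
tmp=$(mktemp -d)
cat > "$tmp/ossec.log" <<'EOF'
2013/05/07 11:54:38 ossec-execd: INFO: Started (pid: 28936).
2013/05/07 11:54:38 ossec-agentd(1402): ERROR: Authentication key file '/var/ossec/etc/client.keys' not found.
2013/05/07 11:54:38 ossec-agentd(1750): ERROR: No remote connection configured. Exiting.
2013/05/07 12:00:35 ossec-syscheckd(1210): ERROR: Queue '/var/ossec/queue/ossec/queue' not accessible: 'Destination address required'.
2013/05/07 12:00:35 ossec-rootcheck(1210): ERROR: Queue '/var/ossec/queue/ossec/queue' not accessible: 'Destination address required'.
2013/05/07 12:00:43 ossec-syscheckd(1210): ERROR: Queue '/var/ossec/queue/ossec/queue' not accessible: 'Destination address required'.
EOF
# Constructed agent configs: one names a manager (placeholder address), one does not.
printf '<ossec_config>\n  <client>\n    <server-ip>192.0.2.10</server-ip>\n  </client>\n</ossec_config>\n' > "$tmp/good.conf"
printf '<ossec_config>\n  <client>\n    <server-ip></server-ip>\n  </client>\n</ossec_config>\n' > "$tmp/bad.conf"

# Succeeds only if the config has a non-empty <server-ip> or <server-hostname>.
has_server_address() {
    grep -E '<server-(ip|hostname)>[^<[:space:]]+</server-(ip|hostname)>' "$1" >/dev/null 2>&1
}

# Prints "count daemon(code)" per ERROR source, most frequent first.
summarize_errors() {
    awk '$4 == "ERROR:" { sub(/:$/, "", $3); n[$3]++ }
         END { for (k in n) print n[k], k }' "$1" | sort -k1,1nr -k2,2
}

# Prints the earliest ERROR line; later errors may only be follow-on failures.
first_error() {
    awk '$4 == "ERROR:" { print; exit }' "$1"
}

for conf in "$tmp/good.conf" "$tmp/bad.conf"; do
    if has_server_address "$conf"; then
        echo "$conf: server address present"
    else
        echo "$conf: no <server-ip> or <server-hostname> value found"
    fi
done
echo "first error: $(first_error "$tmp/ossec.log")"
summarize_errors "$tmp/ossec.log"
```

On a real agent the same functions would be pointed at the installation's own ossec.conf and ossec.log instead of the temporary files.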
