You're making this incredibly difficult. This should not be difficult. On Tue, May 7, 2013 at 3:12 PM, David Juarez <[email protected]> wrote: > Hi Dan, > > I executed ./install.sh from where the install script is found. > I noticed this error message from the logs.. very interesting... >
All right, forget about the install.sh script. I regret bringing it up. _*-*_DOES THE server-ip EXIST IN THE AGENT'S OSSEC.CONF?_*-*_ If not, try adding it. > > bash-4.2# cat ossec.log > 2013/05/07 11:54:38 ossec-execd: INFO: Started (pid: 28936). > 2013/05/07 11:54:38 ossec-agentd(1402): ERROR: Authentication key file > '/var/ossec/etc/client .keys' not found. > > However !! > > /var/ossec/etc > bash-4.2# ls -l client.keys > -r--r----- 1 root ossec 98 May 7 12:00 client.keys > bash-4.2# > > > > > > > > > On Tue, May 7, 2013 at 12:05 PM, dan (ddp) <[email protected]> wrote: >> >> On Tue, May 7, 2013 at 3:02 PM, David Juarez <[email protected]> wrote: >> > Hello Dan, >> > >> > I upgraded bash ver 4.2 (Solaris 10) running OSSEC ver 2.7.1 alpha... re >> > installed the OSSEC software... still getting same error message... >> > >> >> When you run "bash ./install.sh" you get the same error you did before >> when using the solaris shell? >> Did you try 2.7.1? >> >> > Note: key has been imported successfully to the agent..... from the >> > master >> > server... >> > >> > >> > >> > bash-4.2# pwd >> > /var >> > bash-4.2# date >> > Tuesday, May 7, 2013 12:03:07 PM PDT >> > bash-4.2# uname -n >> > luke >> > bash-4.2# /var/ossec/bin/ossec-control start >> > Starting OSSEC HIDS v2.7.1-alpha-1 (by Trend Micro Inc.)... >> > Deleting PID file '/var/ossec/var/run/ossec-logcollector-28976.pid' not >> > used... >> > Deleting PID file '/var/ossec/var/run/ossec-agentd-28972.pid' not >> > used... >> > ossec-execd already running... >> > Started ossec-agentd... >> > Started ossec-logcollector... >> > 2013/05/07 12:03:23 ossec-syscheckd(1210): ERROR: Queue >> > '/var/ossec/queue/ossec/queue' not accessible: 'Destination address >> > required'. >> > 2013/05/07 12:03:23 ossec-rootcheck(1210): ERROR: Queue >> > '/var/ossec/queue/ossec/queue' not accessible: 'Destination address >> > required'. >> > 2013/05/07 12:03:31 ossec-syscheckd(1210): ERROR: Queue >> > '/var/ossec/queue/ossec/queue' not accessible: 'Destination address >> > required'. >> > 2013/05/07 12:03:31 ossec-rootcheck(1210): ERROR: Queue >> > '/var/ossec/queue/ossec/queue' not accessible: 'Destination address >> > required'. >> > 2013/05/07 12:03:44 ossec-syscheckd(1210): ERROR: Queue >> > '/var/ossec/queue/ossec/queue' not accessible: 'Destination address >> > required'. >> > 2013/05/07 12:03:44 ossec-rootcheck(1211): ERROR: Unable to access >> > queue: >> > '/var/ossec/queue/ossec/queue'. Giving up.. >> > ossec-syscheckd did not start >> > bash-4.2# >> > >> > >> > >> > ############################################################################# >> > >> > >> > >> > bash-4.2# cat ossec.log >> > 2013/05/07 11:54:38 ossec-execd: INFO: Started (pid: 28936). >> > 2013/05/07 11:54:38 ossec-agentd(1402): ERROR: Authentication key file >> > '/var/ossec/et c/client.keys' not found. >> > 2013/05/07 11:54:38 ossec-agentd(1750): ERROR: No remote connection >> > configured. Exiti ng. >> > 2013/05/07 11:54:38 ossec-agentd(4109): ERROR: Unable to start without >> > auth >> > keys. Exi ting. >> > 2013/05/07 12:00:32 ossec-agentd(1410): INFO: Reading authentication >> > keys >> > file. >> > 2013/05/07 12:00:35 ossec-syscheckd(1210): ERROR: Queue >> > '/var/ossec/queue/ossec/queue ' not accessible: 'Destination >> > address >> > required'. >> > 2013/05/07 12:00:35 ossec-rootcheck(1210): ERROR: Queue >> > '/var/ossec/queue/ossec/queue ' not accessible: 'Destination >> > address >> > required'. >> > 2013/05/07 12:00:41 ossec-logcollector(1210): ERROR: Queue >> > '/var/ossec/queue/ossec/qu eue' not accessible: 'Destination >> > address >> > required'. >> > 2013/05/07 12:00:41 ossec-logcollector(1211): ERROR: Unable to access >> > queue: >> > '/var/os sec/queue/ossec/queue'. Giving up.. >> > 2013/05/07 12:00:43 ossec-syscheckd(1210): ERROR: Queue >> > '/var/ossec/queue/ossec/queue ' not accessible: 'Destination >> > address >> > required'. >> > 2013/05/07 12:00:43 ossec-rootcheck(1210): ERROR: Queue >> > '/var/ossec/queue/ossec/queue ' not accessible: 'Destination >> > address >> > required'. >> > 2013/05/07 12:00:56 ossec-syscheckd(1210): ERROR: Queue >> > '/var/ossec/queue/ossec/queue ' not accessible: 'Destination >> > address >> > required'. >> > 2013/05/07 12:00:56 ossec-rootcheck(1211): ERROR: Unable to access >> > queue: >> > '/var/ossec /queue/ossec/queue'. Giving up.. >> > 2013/05/07 12:03:20 ossec-agentd(1410): INFO: Reading authentication >> > keys >> > file. >> > 2013/05/07 12:03:20 ossec-agentd: INFO: No previous counter available >> > for >> > 'luke.usfca .edu'. >> > 2013/05/07 12:03:20 ossec-agentd: INFO: Assigning counter for agent >> > luke.usfca.edu: ' 0:0'. >> > 2013/05/07 12:03:20 ossec-agentd: INFO: No previous sender counter. >> > 2013/05/07 12:03:20 ossec-agentd: INFO: Assigning sender counter: 0:0 >> > 2013/05/07 12:03:23 ossec-syscheckd(1210): ERROR: Queue >> > '/var/ossec/queue/ossec/queue ' not accessible: 'Destination >> > address >> > required'. >> > 2013/05/07 12:03:23 ossec-rootcheck(1210): ERROR: Queue >> > '/var/ossec/queue/ossec/queue ' not accessible: 'Destination >> > address >> > required'. >> > 2013/05/07 12:03:29 ossec-logcollector(1210): ERROR: Queue >> > '/var/ossec/queue/ossec/qu eue' not accessible: 'Destination >> > address >> > required'. >> > 2013/05/07 12:03:29 ossec-logcollector(1211): ERROR: Unable to access >> > queue: >> > '/var/os sec/queue/ossec/queue'. Giving up.. >> > 2013/05/07 12:03:31 ossec-syscheckd(1210): ERROR: Queue >> > '/var/ossec/queue/ossec/queue ' not accessible: 'Destination >> > address >> > required'. >> > 2013/05/07 12:03:31 ossec-rootcheck(1210): ERROR: Queue >> > '/var/ossec/queue/ossec/queue ' not accessible: 'Destination >> > address >> > required'. >> > 2013/05/07 12:03:44 ossec-syscheckd(1210): ERROR: Queue >> > '/var/ossec/queue/ossec/queue ' not accessible: 'Destination >> > address >> > required'. >> > 2013/05/07 12:03:44 ossec-rootcheck(1211): ERROR: Unable to access >> > queue: >> > '/var/ossec /queue/ossec/queue'. Giving up.. >> > bash-4.2# >> > >> > >> >> Does the server-ip exist in the agent' ossec.conf? >> >> >> > >> > >> > >> > >> > >> > >> > >> > >> > >> > >> > >> > On Tue, May 7, 2013 at 3:29 AM, dan (ddp) <[email protected]> wrote: >> >> >> >> Make sure the server-ip made it into the ossec.conf >> >> >> >> On May 6, 2013 8:14 PM, "David Juarez" <[email protected]> wrote: >> >>> >> >>> Hi Dan, >> >>> >> >>> Many Thanks for your quick response.. I have installed OSSEC HIDS >> >>> v2.7.1-alpha-1 (by Trend Micro Inc.)..., so far installation did not >> >>> complained. I was able to register the agent (Sol10) on the >> >>> master/server >> >>> ... imported the certificate key on the agent, but when attempting to >> >>> start >> >>> OSSEC I received the error messages below.. >> >>> >> >>> any suggestions? I am doing a research as well.. >> >>> Thanks again !!! >> >>> >> >>> Kind regards, >> >>> D.J. >> >>> >> >>> >> >>> bash-3.00# ./ossec-control start >> >>> Starting OSSEC HIDS v2.7.1-alpha-1 (by Trend Micro Inc.)... >> >>> ossec-execd already running... >> >>> Started ossec-agentd... >> >>> Started ossec-logcollector... >> >>> 2013/05/06 14:24:57 ossec-syscheckd(1210): ERROR: Queue >> >>> '/var/ossec/queue/ossec/queue' not accessible: 'Destination address >> >>> required'. >> >>> 2013/05/06 14:24:57 ossec-rootcheck(1210): ERROR: Queue >> >>> '/var/ossec/queue/ossec/queue' not accessible: 'Destination address >> >>> required'. >> >>> 2013/05/06 14:25:05 ossec-syscheckd(1210): ERROR: Queue >> >>> '/var/ossec/queue/ossec/queue' not accessible: 'Destination address >> >>> required'. >> >>> 2013/05/06 14:25:05 ossec-rootcheck(1210): ERROR: Queue >> >>> '/var/ossec/queue/ossec/queue' not accessible: 'Destination address >> >>> required'. >> >>> 2013/05/06 14:25:18 ossec-syscheckd(1210): ERROR: Queue >> >>> '/var/ossec/queue/ossec/queue' not accessible: 'Destination address >> >>> required'. >> >>> 2013/05/06 14:25:18 ossec-rootcheck(1211): ERROR: Unable to access >> >>> queue: >> >>> '/var/ossec/queue/ossec/queue'. Giving up.. >> >>> ossec-syscheckd did not start >> >>> >> >>> >> >>> >> >>> On Mon, May 6, 2013 at 1:43 PM, dan (ddp) <[email protected]> wrote: >> >>>> >> >>>> Either use bash or try the 2.7.1 alpha. The Solaris shell is ancient. >> >>>> >> >>>> On May 6, 2013 2:39 PM, "David Juarez" <[email protected]> wrote: >> >>>>> >> >>>>> Hello All - >> >>>>> >> >>>>> >> >>>>> I am attempting a fresh install of OSSEC HIDS v2.7 in sol 10. I >> >>>>> received the following error message.. >> >>>>> >> >>>>> "./install.sh: syntax error at line 142: `$' unexpected" >> >>>>> >> >>>>> any idea? >> >>>>> I was able to install it successfully on RHEL v6.3.. >> >>>>> >> >>>>> Any recommendations are greatly appreciated it. >> >>>>> >> >>>>> Thanks. >> >>>>> >> >>>>> Regards, >> >>>>> David Juarez >> >>>>> >> >>>>> -- >> >>>>> >> >>>>> --- >> >>>>> You received this message because you are subscribed to the Google >> >>>>> Groups "ossec-list" group. >> >>>>> To unsubscribe from this group and stop receiving emails from it, >> >>>>> send >> >>>>> an email to [email protected]. >> >>>>> For more options, visit https://groups.google.com/groups/opt_out. >> >>>>> >> >>>>> >> >>>> >> >>>> -- >> >>>> >> >>>> --- >> >>>> You received this message because you are subscribed to the Google >> >>>> Groups "ossec-list" group. >> >>>> To unsubscribe from this group and stop receiving emails from it, >> >>>> send >> >>>> an email to [email protected]. >> >>>> For more options, visit https://groups.google.com/groups/opt_out. >> >>>> >> >>>> >> >>> >> >>> >> >>> -- >> >>> >> >>> --- >> >>> You received this message because you are subscribed to the Google >> >>> Groups >> >>> "ossec-list" group. >> >>> To unsubscribe from this group and stop receiving emails from it, send >> >>> an >> >>> email to [email protected]. >> >>> For more options, visit https://groups.google.com/groups/opt_out. >> >>> >> >>> >> >> >> >> -- >> >> >> >> --- >> >> You received this message because you are subscribed to the Google >> >> Groups >> >> "ossec-list" group. >> >> To unsubscribe from this group and stop receiving emails from it, send >> >> an >> >> email to [email protected]. >> >> For more options, visit https://groups.google.com/groups/opt_out. >> >> >> >> >> > >> > >> > -- >> > >> > --- >> > You received this message because you are subscribed to the Google >> > Groups >> > "ossec-list" group. >> > To unsubscribe from this group and stop receiving emails from it, send >> > an >> > email to [email protected]. >> > For more options, visit https://groups.google.com/groups/opt_out. >> > >> > >> >> -- >> >> --- >> You received this message because you are subscribed to the Google Groups >> "ossec-list" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected]. >> For more options, visit https://groups.google.com/groups/opt_out. >> >> > > -- > > --- > You received this message because you are subscribed to the Google Groups > "ossec-list" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > For more options, visit https://groups.google.com/groups/opt_out. > > -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/groups/opt_out.
