Dan, I am not making difficult.. those are errors received... yes, I added the client.. in fact.. Solaris 10 is the one that is causing this issues..
[root@syslog-rhel63-svr bin]# pwd /var/ossec/bin [root@syslog-rhel63-svr bin]# ./manage_agents **************************************** * OSSEC HIDS v2.6 Agent manager. * * The following options are available: * **************************************** (A)dd an agent (A). (E)xtract key for an agent (E). (L)ist already added agents (L). (R)emove an agent (R). (Q)uit. Choose your action: A,E,L,R or Q: L Available agents: ID: 001, Name: syslog-rhel63-client1, IP: 138.202.80.162 ID: 002, Name: obiwan.usfca.edu, IP: 138.202.81.50 ID: 004, Name: luke.usfca.edu, IP: 138.202.80.89 ** Press ENTER to return to the main menu. Please note Solaris 10 = ID: 004, Name: luke.usfca.edu, IP: 138.202.80.89 Thanks. D.J. On Tue, May 7, 2013 at 12:21 PM, dan (ddp) <[email protected]> wrote: > You're making this incredibly difficult. This should not be difficult. > > On Tue, May 7, 2013 at 3:12 PM, David Juarez <[email protected]> wrote: > > Hi Dan, > > > > I executed ./install.sh from where the install script is found. > > I noticed this error message from the logs.. very interesting... > > > > All right, forget about the install.sh script. I regret bringing it up. > _*-*_DOES THE server-ip EXIST IN THE AGENT'S OSSEC.CONF?_*-*_ > > If not, try adding it. > > > > > bash-4.2# cat ossec.log > > 2013/05/07 11:54:38 ossec-execd: INFO: Started (pid: 28936). > > 2013/05/07 11:54:38 ossec-agentd(1402): ERROR: Authentication key file > > '/var/ossec/etc/client .keys' not found. > > > > However !! > > > > /var/ossec/etc > > bash-4.2# ls -l client.keys > > -r--r----- 1 root ossec 98 May 7 12:00 client.keys > > bash-4.2# > > > > > > > > > > > > > > > > > > On Tue, May 7, 2013 at 12:05 PM, dan (ddp) <[email protected]> wrote: > >> > >> On Tue, May 7, 2013 at 3:02 PM, David Juarez <[email protected]> > wrote: > >> > Hello Dan, > >> > > >> > I upgraded bash ver 4.2 (Solaris 10) running OSSEC ver 2.7.1 alpha... > re > >> > installed the OSSEC software... still getting same error message... > >> > > >> > >> When you run "bash ./install.sh" you get the same error you did before > >> when using the solaris shell? > >> Did you try 2.7.1? > >> > >> > Note: key has been imported successfully to the agent..... from the > >> > master > >> > server... > >> > > >> > > >> > > >> > bash-4.2# pwd > >> > /var > >> > bash-4.2# date > >> > Tuesday, May 7, 2013 12:03:07 PM PDT > >> > bash-4.2# uname -n > >> > luke > >> > bash-4.2# /var/ossec/bin/ossec-control start > >> > Starting OSSEC HIDS v2.7.1-alpha-1 (by Trend Micro Inc.)... > >> > Deleting PID file '/var/ossec/var/run/ossec-logcollector-28976.pid' > not > >> > used... > >> > Deleting PID file '/var/ossec/var/run/ossec-agentd-28972.pid' not > >> > used... > >> > ossec-execd already running... > >> > Started ossec-agentd... > >> > Started ossec-logcollector... > >> > 2013/05/07 12:03:23 ossec-syscheckd(1210): ERROR: Queue > >> > '/var/ossec/queue/ossec/queue' not accessible: 'Destination address > >> > required'. > >> > 2013/05/07 12:03:23 ossec-rootcheck(1210): ERROR: Queue > >> > '/var/ossec/queue/ossec/queue' not accessible: 'Destination address > >> > required'. > >> > 2013/05/07 12:03:31 ossec-syscheckd(1210): ERROR: Queue > >> > '/var/ossec/queue/ossec/queue' not accessible: 'Destination address > >> > required'. > >> > 2013/05/07 12:03:31 ossec-rootcheck(1210): ERROR: Queue > >> > '/var/ossec/queue/ossec/queue' not accessible: 'Destination address > >> > required'. > >> > 2013/05/07 12:03:44 ossec-syscheckd(1210): ERROR: Queue > >> > '/var/ossec/queue/ossec/queue' not accessible: 'Destination address > >> > required'. > >> > 2013/05/07 12:03:44 ossec-rootcheck(1211): ERROR: Unable to access > >> > queue: > >> > '/var/ossec/queue/ossec/queue'. Giving up.. > >> > ossec-syscheckd did not start > >> > bash-4.2# > >> > > >> > > >> > > >> > > ############################################################################# > >> > > >> > > >> > > >> > bash-4.2# cat ossec.log > >> > 2013/05/07 11:54:38 ossec-execd: INFO: Started (pid: 28936). > >> > 2013/05/07 11:54:38 ossec-agentd(1402): ERROR: Authentication key file > >> > '/var/ossec/et c/client.keys' not found. > >> > 2013/05/07 11:54:38 ossec-agentd(1750): ERROR: No remote connection > >> > configured. Exiti ng. > >> > 2013/05/07 11:54:38 ossec-agentd(4109): ERROR: Unable to start without > >> > auth > >> > keys. Exi ting. > >> > 2013/05/07 12:00:32 ossec-agentd(1410): INFO: Reading authentication > >> > keys > >> > file. > >> > 2013/05/07 12:00:35 ossec-syscheckd(1210): ERROR: Queue > >> > '/var/ossec/queue/ossec/queue ' not accessible: 'Destination > >> > address > >> > required'. > >> > 2013/05/07 12:00:35 ossec-rootcheck(1210): ERROR: Queue > >> > '/var/ossec/queue/ossec/queue ' not accessible: 'Destination > >> > address > >> > required'. > >> > 2013/05/07 12:00:41 ossec-logcollector(1210): ERROR: Queue > >> > '/var/ossec/queue/ossec/qu eue' not accessible: 'Destination > >> > address > >> > required'. > >> > 2013/05/07 12:00:41 ossec-logcollector(1211): ERROR: Unable to access > >> > queue: > >> > '/var/os sec/queue/ossec/queue'. Giving up.. > >> > 2013/05/07 12:00:43 ossec-syscheckd(1210): ERROR: Queue > >> > '/var/ossec/queue/ossec/queue ' not accessible: 'Destination > >> > address > >> > required'. > >> > 2013/05/07 12:00:43 ossec-rootcheck(1210): ERROR: Queue > >> > '/var/ossec/queue/ossec/queue ' not accessible: 'Destination > >> > address > >> > required'. > >> > 2013/05/07 12:00:56 ossec-syscheckd(1210): ERROR: Queue > >> > '/var/ossec/queue/ossec/queue ' not accessible: 'Destination > >> > address > >> > required'. > >> > 2013/05/07 12:00:56 ossec-rootcheck(1211): ERROR: Unable to access > >> > queue: > >> > '/var/ossec /queue/ossec/queue'. Giving up.. > >> > 2013/05/07 12:03:20 ossec-agentd(1410): INFO: Reading authentication > >> > keys > >> > file. > >> > 2013/05/07 12:03:20 ossec-agentd: INFO: No previous counter available > >> > for > >> > 'luke.usfca .edu'. > >> > 2013/05/07 12:03:20 ossec-agentd: INFO: Assigning counter for agent > >> > luke.usfca.edu: ' 0:0'. > >> > 2013/05/07 12:03:20 ossec-agentd: INFO: No previous sender counter. > >> > 2013/05/07 12:03:20 ossec-agentd: INFO: Assigning sender counter: 0:0 > >> > 2013/05/07 12:03:23 ossec-syscheckd(1210): ERROR: Queue > >> > '/var/ossec/queue/ossec/queue ' not accessible: 'Destination > >> > address > >> > required'. > >> > 2013/05/07 12:03:23 ossec-rootcheck(1210): ERROR: Queue > >> > '/var/ossec/queue/ossec/queue ' not accessible: 'Destination > >> > address > >> > required'. > >> > 2013/05/07 12:03:29 ossec-logcollector(1210): ERROR: Queue > >> > '/var/ossec/queue/ossec/qu eue' not accessible: 'Destination > >> > address > >> > required'. > >> > 2013/05/07 12:03:29 ossec-logcollector(1211): ERROR: Unable to access > >> > queue: > >> > '/var/os sec/queue/ossec/queue'. Giving up.. > >> > 2013/05/07 12:03:31 ossec-syscheckd(1210): ERROR: Queue > >> > '/var/ossec/queue/ossec/queue ' not accessible: 'Destination > >> > address > >> > required'. > >> > 2013/05/07 12:03:31 ossec-rootcheck(1210): ERROR: Queue > >> > '/var/ossec/queue/ossec/queue ' not accessible: 'Destination > >> > address > >> > required'. > >> > 2013/05/07 12:03:44 ossec-syscheckd(1210): ERROR: Queue > >> > '/var/ossec/queue/ossec/queue ' not accessible: 'Destination > >> > address > >> > required'. > >> > 2013/05/07 12:03:44 ossec-rootcheck(1211): ERROR: Unable to access > >> > queue: > >> > '/var/ossec /queue/ossec/queue'. Giving up.. > >> > bash-4.2# > >> > > >> > > >> > >> Does the server-ip exist in the agent' ossec.conf? > >> > >> > >> > > >> > > >> > > >> > > >> > > >> > > >> > > >> > > >> > > >> > > >> > > >> > On Tue, May 7, 2013 at 3:29 AM, dan (ddp) <[email protected]> wrote: > >> >> > >> >> Make sure the server-ip made it into the ossec.conf > >> >> > >> >> On May 6, 2013 8:14 PM, "David Juarez" <[email protected]> wrote: > >> >>> > >> >>> Hi Dan, > >> >>> > >> >>> Many Thanks for your quick response.. I have installed OSSEC HIDS > >> >>> v2.7.1-alpha-1 (by Trend Micro Inc.)..., so far installation did not > >> >>> complained. I was able to register the agent (Sol10) on the > >> >>> master/server > >> >>> ... imported the certificate key on the agent, but when attempting > to > >> >>> start > >> >>> OSSEC I received the error messages below.. > >> >>> > >> >>> any suggestions? I am doing a research as well.. > >> >>> Thanks again !!! > >> >>> > >> >>> Kind regards, > >> >>> D.J. > >> >>> > >> >>> > >> >>> bash-3.00# ./ossec-control start > >> >>> Starting OSSEC HIDS v2.7.1-alpha-1 (by Trend Micro Inc.)... > >> >>> ossec-execd already running... > >> >>> Started ossec-agentd... > >> >>> Started ossec-logcollector... > >> >>> 2013/05/06 14:24:57 ossec-syscheckd(1210): ERROR: Queue > >> >>> '/var/ossec/queue/ossec/queue' not accessible: 'Destination address > >> >>> required'. > >> >>> 2013/05/06 14:24:57 ossec-rootcheck(1210): ERROR: Queue > >> >>> '/var/ossec/queue/ossec/queue' not accessible: 'Destination address > >> >>> required'. > >> >>> 2013/05/06 14:25:05 ossec-syscheckd(1210): ERROR: Queue > >> >>> '/var/ossec/queue/ossec/queue' not accessible: 'Destination address > >> >>> required'. > >> >>> 2013/05/06 14:25:05 ossec-rootcheck(1210): ERROR: Queue > >> >>> '/var/ossec/queue/ossec/queue' not accessible: 'Destination address > >> >>> required'. > >> >>> 2013/05/06 14:25:18 ossec-syscheckd(1210): ERROR: Queue > >> >>> '/var/ossec/queue/ossec/queue' not accessible: 'Destination address > >> >>> required'. > >> >>> 2013/05/06 14:25:18 ossec-rootcheck(1211): ERROR: Unable to access > >> >>> queue: > >> >>> '/var/ossec/queue/ossec/queue'. Giving up.. > >> >>> ossec-syscheckd did not start > >> >>> > >> >>> > >> >>> > >> >>> On Mon, May 6, 2013 at 1:43 PM, dan (ddp) <[email protected]> wrote: > >> >>>> > >> >>>> Either use bash or try the 2.7.1 alpha. The Solaris shell is > ancient. > >> >>>> > >> >>>> On May 6, 2013 2:39 PM, "David Juarez" <[email protected]> wrote: > >> >>>>> > >> >>>>> Hello All - > >> >>>>> > >> >>>>> > >> >>>>> I am attempting a fresh install of OSSEC HIDS v2.7 in sol 10. I > >> >>>>> received the following error message.. > >> >>>>> > >> >>>>> "./install.sh: syntax error at line 142: `$' unexpected" > >> >>>>> > >> >>>>> any idea? > >> >>>>> I was able to install it successfully on RHEL v6.3.. > >> >>>>> > >> >>>>> Any recommendations are greatly appreciated it. > >> >>>>> > >> >>>>> Thanks. > >> >>>>> > >> >>>>> Regards, > >> >>>>> David Juarez > >> >>>>> > >> >>>>> -- > >> >>>>> > >> >>>>> --- > >> >>>>> You received this message because you are subscribed to the Google > >> >>>>> Groups "ossec-list" group. > >> >>>>> To unsubscribe from this group and stop receiving emails from it, > >> >>>>> send > >> >>>>> an email to [email protected]. > >> >>>>> For more options, visit https://groups.google.com/groups/opt_out. > >> >>>>> > >> >>>>> > >> >>>> > >> >>>> -- > >> >>>> > >> >>>> --- > >> >>>> You received this message because you are subscribed to the Google > >> >>>> Groups "ossec-list" group. > >> >>>> To unsubscribe from this group and stop receiving emails from it, > >> >>>> send > >> >>>> an email to [email protected]. > >> >>>> For more options, visit https://groups.google.com/groups/opt_out. > >> >>>> > >> >>>> > >> >>> > >> >>> > >> >>> -- > >> >>> > >> >>> --- > >> >>> You received this message because you are subscribed to the Google > >> >>> Groups > >> >>> "ossec-list" group. > >> >>> To unsubscribe from this group and stop receiving emails from it, > send > >> >>> an > >> >>> email to [email protected]. > >> >>> For more options, visit https://groups.google.com/groups/opt_out. > >> >>> > >> >>> > >> >> > >> >> -- > >> >> > >> >> --- > >> >> You received this message because you are subscribed to the Google > >> >> Groups > >> >> "ossec-list" group. > >> >> To unsubscribe from this group and stop receiving emails from it, > send > >> >> an > >> >> email to [email protected]. > >> >> For more options, visit https://groups.google.com/groups/opt_out. > >> >> > >> >> > >> > > >> > > >> > -- > >> > > >> > --- > >> > You received this message because you are subscribed to the Google > >> > Groups > >> > "ossec-list" group. > >> > To unsubscribe from this group and stop receiving emails from it, send > >> > an > >> > email to [email protected]. > >> > For more options, visit https://groups.google.com/groups/opt_out. > >> > > >> > > >> > >> -- > >> > >> --- > >> You received this message because you are subscribed to the Google > Groups > >> "ossec-list" group. > >> To unsubscribe from this group and stop receiving emails from it, send > an > >> email to [email protected]. > >> For more options, visit https://groups.google.com/groups/opt_out. > >> > >> > > > > -- > > > > --- > > You received this message because you are subscribed to the Google Groups > > "ossec-list" group. > > To unsubscribe from this group and stop receiving emails from it, send an > > email to [email protected]. > > For more options, visit https://groups.google.com/groups/opt_out. > > > > > > -- > > --- > You received this message because you are subscribed to the Google Groups > "ossec-list" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > For more options, visit https://groups.google.com/groups/opt_out. > > > -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/groups/opt_out.
