On May 7, 2013 4:20 PM, "David Juarez" <[email protected]> wrote:
>
> Dan,
>
> I am not making it difficult.. those are errors received... yes, I added the client.. in fact.. Solaris 10 is the one that is causing these issues..
>
My apologies. I'll try to simplify this further because I _really_ want to know the answer to my question. Please send your agent's ossec.conf.
>
> [root@syslog-rhel63-svr bin]# pwd
> /var/ossec/bin
> [root@syslog-rhel63-svr bin]# ./manage_agents
>
> ****************************************
> * OSSEC HIDS v2.6 Agent manager. *
> * The following options are available: *
> ****************************************
> (A)dd an agent (A).
> (E)xtract key for an agent (E).
> (L)ist already added agents (L).
> (R)emove an agent (R).
> (Q)uit.
> Choose your action: A,E,L,R or Q: L
>
> Available agents:
> ID: 001, Name: syslog-rhel63-client1, IP: 138.202.80.162
> ID: 002, Name: obiwan.usfca.edu, IP: 138.202.81.50
> ID: 004, Name: luke.usfca.edu, IP: 138.202.80.89
>
> ** Press ENTER to return to the main menu.
>
> Please note Solaris 10 = ID: 004, Name: luke.usfca.edu, IP: 138.202.80.89
>
> Thanks.
>
> D.J.
>
> On Tue, May 7, 2013 at 12:21 PM, dan (ddp) <[email protected]> wrote:
>>
>> You're making this incredibly difficult. This should not be difficult.
>>
>> On Tue, May 7, 2013 at 3:12 PM, David Juarez <[email protected]> wrote:
>> > Hi Dan,
>> >
>> > I executed ./install.sh from where the install script is found.
>> > I noticed this error message from the logs.. very interesting...
>> >
>>
>> All right, forget about the install.sh script. I regret bringing it up.
>> _*-*_DOES THE server-ip EXIST IN THE AGENT'S OSSEC.CONF?_*-*_
>>
>> If not, try adding it.
>>
>> >
>> > bash-4.2# cat ossec.log
>> > 2013/05/07 11:54:38 ossec-execd: INFO: Started (pid: 28936).
>> > 2013/05/07 11:54:38 ossec-agentd(1402): ERROR: Authentication key file '/var/ossec/etc/client.keys' not found.
>> >
>> > However !!
>> >
>> > /var/ossec/etc
>> > bash-4.2# ls -l client.keys
>> > -r--r----- 1 root ossec 98 May 7 12:00 client.keys
>> > bash-4.2#
>> >
>> > On Tue, May 7, 2013 at 12:05 PM, dan (ddp) <[email protected]> wrote:
>> >>
>> >> On Tue, May 7, 2013 at 3:02 PM, David Juarez <[email protected]> wrote:
>> >> > Hello Dan,
>> >> >
>> >> > I upgraded bash ver 4.2 (Solaris 10) running OSSEC ver 2.7.1 alpha... re installed the OSSEC software... still getting same error message...
>> >> >
>> >>
>> >> When you run "bash ./install.sh" you get the same error you did before when using the solaris shell?
>> >> Did you try 2.7.1?
>> >>
>> >> > Note: key has been imported successfully to the agent..... from the master server...
>> >> >
>> >> > bash-4.2# pwd
>> >> > /var
>> >> > bash-4.2# date
>> >> > Tuesday, May 7, 2013 12:03:07 PM PDT
>> >> > bash-4.2# uname -n
>> >> > luke
>> >> > bash-4.2# /var/ossec/bin/ossec-control start
>> >> > Starting OSSEC HIDS v2.7.1-alpha-1 (by Trend Micro Inc.)...
>> >> > Deleting PID file '/var/ossec/var/run/ossec-logcollector-28976.pid' not used...
>> >> > Deleting PID file '/var/ossec/var/run/ossec-agentd-28972.pid' not used...
>> >> > ossec-execd already running...
>> >> > Started ossec-agentd...
>> >> > Started ossec-logcollector...
>> >> > 2013/05/07 12:03:23 ossec-syscheckd(1210): ERROR: Queue '/var/ossec/queue/ossec/queue' not accessible: 'Destination address required'.
>> >> > 2013/05/07 12:03:23 ossec-rootcheck(1210): ERROR: Queue '/var/ossec/queue/ossec/queue' not accessible: 'Destination address required'.
>> >> > 2013/05/07 12:03:31 ossec-syscheckd(1210): ERROR: Queue '/var/ossec/queue/ossec/queue' not accessible: 'Destination address required'.
>> >> > 2013/05/07 12:03:31 ossec-rootcheck(1210): ERROR: Queue '/var/ossec/queue/ossec/queue' not accessible: 'Destination address required'.
>> >> > 2013/05/07 12:03:44 ossec-syscheckd(1210): ERROR: Queue '/var/ossec/queue/ossec/queue' not accessible: 'Destination address required'.
>> >> > 2013/05/07 12:03:44 ossec-rootcheck(1211): ERROR: Unable to access queue: '/var/ossec/queue/ossec/queue'. Giving up..
>> >> > ossec-syscheckd did not start
>> >> > bash-4.2#
>> >> >
>> >> > #############################################################################
>> >> >
>> >> > bash-4.2# cat ossec.log
>> >> > 2013/05/07 11:54:38 ossec-execd: INFO: Started (pid: 28936).
>> >> > 2013/05/07 11:54:38 ossec-agentd(1402): ERROR: Authentication key file '/var/ossec/etc/client.keys' not found.
>> >> > 2013/05/07 11:54:38 ossec-agentd(1750): ERROR: No remote connection configured. Exiting.
>> >> > 2013/05/07 11:54:38 ossec-agentd(4109): ERROR: Unable to start without auth keys. Exiting.
>> >> > 2013/05/07 12:00:32 ossec-agentd(1410): INFO: Reading authentication keys file.
>> >> > 2013/05/07 12:00:35 ossec-syscheckd(1210): ERROR: Queue '/var/ossec/queue/ossec/queue' not accessible: 'Destination address required'.
>> >> > 2013/05/07 12:00:35 ossec-rootcheck(1210): ERROR: Queue '/var/ossec/queue/ossec/queue' not accessible: 'Destination address required'.
>> >> > 2013/05/07 12:00:41 ossec-logcollector(1210): ERROR: Queue '/var/ossec/queue/ossec/queue' not accessible: 'Destination address required'.
>> >> > 2013/05/07 12:00:41 ossec-logcollector(1211): ERROR: Unable to access queue: '/var/ossec/queue/ossec/queue'. Giving up..
>> >> > 2013/05/07 12:00:43 ossec-syscheckd(1210): ERROR: Queue '/var/ossec/queue/ossec/queue' not accessible: 'Destination address required'.
>> >> > 2013/05/07 12:00:43 ossec-rootcheck(1210): ERROR: Queue '/var/ossec/queue/ossec/queue' not accessible: 'Destination address required'.
>> >> > 2013/05/07 12:00:56 ossec-syscheckd(1210): ERROR: Queue '/var/ossec/queue/ossec/queue' not accessible: 'Destination address required'.
>> >> > 2013/05/07 12:00:56 ossec-rootcheck(1211): ERROR: Unable to access queue: '/var/ossec/queue/ossec/queue'. Giving up..
>> >> > 2013/05/07 12:03:20 ossec-agentd(1410): INFO: Reading authentication keys file.
>> >> > 2013/05/07 12:03:20 ossec-agentd: INFO: No previous counter available for 'luke.usfca.edu'.
>> >> > 2013/05/07 12:03:20 ossec-agentd: INFO: Assigning counter for agent luke.usfca.edu: '0:0'.
>> >> > 2013/05/07 12:03:20 ossec-agentd: INFO: No previous sender counter.
>> >> > 2013/05/07 12:03:20 ossec-agentd: INFO: Assigning sender counter: 0:0
>> >> > 2013/05/07 12:03:23 ossec-syscheckd(1210): ERROR: Queue '/var/ossec/queue/ossec/queue' not accessible: 'Destination address required'.
>> >> > 2013/05/07 12:03:23 ossec-rootcheck(1210): ERROR: Queue '/var/ossec/queue/ossec/queue' not accessible: 'Destination address required'.
>> >> > 2013/05/07 12:03:29 ossec-logcollector(1210): ERROR: Queue '/var/ossec/queue/ossec/queue' not accessible: 'Destination address required'.
>> >> > 2013/05/07 12:03:29 ossec-logcollector(1211): ERROR: Unable to access queue: '/var/ossec/queue/ossec/queue'. Giving up..
>> >> > 2013/05/07 12:03:31 ossec-syscheckd(1210): ERROR: Queue '/var/ossec/queue/ossec/queue' not accessible: 'Destination address required'.
>> >> > 2013/05/07 12:03:31 ossec-rootcheck(1210): ERROR: Queue '/var/ossec/queue/ossec/queue' not accessible: 'Destination address required'.
>> >> > 2013/05/07 12:03:44 ossec-syscheckd(1210): ERROR: Queue '/var/ossec/queue/ossec/queue' not accessible: 'Destination address required'.
>> >> > 2013/05/07 12:03:44 ossec-rootcheck(1211): ERROR: Unable to access queue: '/var/ossec/queue/ossec/queue'. Giving up..
>> >> > bash-4.2#
>> >> >
>> >>
>> >> Does the server-ip exist in the agent's ossec.conf?
>> >>
>> >> >
>> >> > On Tue, May 7, 2013 at 3:29 AM, dan (ddp) <[email protected]> wrote:
>> >> >>
>> >> >> Make sure the server-ip made it into the ossec.conf
>> >> >>
>> >> >> On May 6, 2013 8:14 PM, "David Juarez" <[email protected]> wrote:
>> >> >>>
>> >> >>> Hi Dan,
>> >> >>>
>> >> >>> Many Thanks for your quick response.. I have installed OSSEC HIDS v2.7.1-alpha-1 (by Trend Micro Inc.)..., so far installation did not complain. I was able to register the agent (Sol10) on the master/server ... imported the certificate key on the agent, but when attempting to start OSSEC I received the error messages below..
>> >> >>>
>> >> >>> any suggestions? I am doing a research as well..
>> >> >>> Thanks again !!!
>> >> >>>
>> >> >>> Kind regards,
>> >> >>> D.J.
>> >> >>>
>> >> >>> bash-3.00# ./ossec-control start
>> >> >>> Starting OSSEC HIDS v2.7.1-alpha-1 (by Trend Micro Inc.)...
>> >> >>> ossec-execd already running...
>> >> >>> Started ossec-agentd...
>> >> >>> Started ossec-logcollector...
>> >> >>> 2013/05/06 14:24:57 ossec-syscheckd(1210): ERROR: Queue '/var/ossec/queue/ossec/queue' not accessible: 'Destination address required'.
>> >> >>> 2013/05/06 14:24:57 ossec-rootcheck(1210): ERROR: Queue '/var/ossec/queue/ossec/queue' not accessible: 'Destination address required'.
>> >> >>> 2013/05/06 14:25:05 ossec-syscheckd(1210): ERROR: Queue '/var/ossec/queue/ossec/queue' not accessible: 'Destination address required'.
>> >> >>> 2013/05/06 14:25:05 ossec-rootcheck(1210): ERROR: Queue '/var/ossec/queue/ossec/queue' not accessible: 'Destination address required'.
>> >> >>> 2013/05/06 14:25:18 ossec-syscheckd(1210): ERROR: Queue '/var/ossec/queue/ossec/queue' not accessible: 'Destination address required'.
>> >> >>> 2013/05/06 14:25:18 ossec-rootcheck(1211): ERROR: Unable to access queue: '/var/ossec/queue/ossec/queue'. Giving up..
>> >> >>> ossec-syscheckd did not start
>> >> >>>
>> >> >>> On Mon, May 6, 2013 at 1:43 PM, dan (ddp) <[email protected]> wrote:
>> >> >>>>
>> >> >>>> Either use bash or try the 2.7.1 alpha. The Solaris shell is ancient.
>> >> >>>>
>> >> >>>> On May 6, 2013 2:39 PM, "David Juarez" <[email protected]> wrote:
>> >> >>>>>
>> >> >>>>> Hello All -
>> >> >>>>>
>> >> >>>>> I am attempting a fresh install of OSSEC HIDS v2.7 in sol 10. I received the following error message..
>> >> >>>>>
>> >> >>>>> "./install.sh: syntax error at line 142: `$' unexpected"
>> >> >>>>>
>> >> >>>>> any idea?
>> >> >>>>> I was able to install it successfully on RHEL v6.3..
>> >> >>>>>
>> >> >>>>> Any recommendations are greatly appreciated.
>> >> >>>>>
>> >> >>>>> Thanks.
>> >> >>>>>
>> >> >>>>> Regards,
>> >> >>>>> David Juarez
>> >> >>>>>
>> >> >>>>> --
>> >> >>>>>
>> >> >>>>> ---
>> >> >>>>> You received this message because you are subscribed to the Google Groups "ossec-list" group.
>> >> >>>>> To unsubscribe from this group and stop receiving emails from it, send an email to [email protected].
>> >> >>>>> For more options, visit https://groups.google.com/groups/opt_out .
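The checks asked for in this thread (is server-ip in the agent's ossec.conf, is client.keys in place, which numbered errors does ossec.log show), as an added shell example that is not part of the original messages. It assumes the default agent layout under /var/ossec (etc/ossec.conf, etc/client.keys, logs/ossec.log); the function name check_agent is hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes the default agent layout:
#   $dir/etc/ossec.conf, $dir/etc/client.keys, $dir/logs/ossec.log
# check_agent is a hypothetical name. Usage: check_agent /var/ossec
# Prints one finding per line; exit status = number of failed checks.
check_agent() {
    dir=${1:-/var/ossec}
    conf="$dir/etc/ossec.conf"
    keys="$dir/etc/client.keys"
    log="$dir/logs/ossec.log"
    fails=0

    # 1. The question from the thread: is there a non-empty <server-ip>?
    #    (Only server-ip, the element named in the thread, is checked.)
    if [ ! -r "$conf" ]; then
        echo "FAIL conf: cannot read $conf"
        fails=$((fails + 1))
    elif grep '<server-ip>[^<][^<]*</server-ip>' "$conf" >/dev/null 2>&1; then
        ip=$(sed -n 's/.*<server-ip>\([^<]*\)<\/server-ip>.*/\1/p' "$conf" | head -n 1)
        echo "OK   conf: server-ip=$ip"
    else
        echo "FAIL conf: no <server-ip> in $conf"
        fails=$((fails + 1))
    fi

    # 2. The 1402 error: client.keys must exist and be non-empty.
    if [ -s "$keys" ]; then
        echo "OK   keys: $keys present"
    else
        echo "FAIL keys: $keys missing or empty"
        fails=$((fails + 1))
    fi

    # 3. Count numbered ERROR lines per daemon and error id, so repeated
    #    1210/1211 queue errors collapse into one line each.
    if [ -r "$log" ]; then
        sed -n 's/^.* \(ossec-[a-z]*\)(\([0-9]*\)): ERROR: .*/\1 \2/p' "$log" |
            sort | uniq -c | while read -r n daemon id; do
                echo "LOG  $daemon($id) x$n"
            done
    fi
    return "$fails"
}
```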
