np.... Thanks for your help !! Here is the ossec.conf file
On Tue, May 7, 2013 at 1:25 PM, dan (ddp) <[email protected]> wrote:
>
> On May 7, 2013 4:20 PM, "David Juarez" <[email protected]> wrote:
> >
> > Dan,
> >
> > I am not making difficult.. those are errors received... yes, I added the client.. in fact.. Solaris 10 is the one that is causing this issues..
> >
>
> My apologies. I'll try to simplify this further because I _really_ want to know the answer this my question.
>
> Please send your agent's ossec.conf.
>
> >
> > [root@syslog-rhel63-svr bin]# pwd
> > /var/ossec/bin
> > [root@syslog-rhel63-svr bin]# ./manage_agents
> >
> > ****************************************
> > * OSSEC HIDS v2.6 Agent manager. *
> > * The following options are available: *
> > ****************************************
> > (A)dd an agent (A).
> > (E)xtract key for an agent (E).
> > (L)ist already added agents (L).
> > (R)emove an agent (R).
> > (Q)uit.
> > Choose your action: A,E,L,R or Q: L
> >
> > Available agents:
> > ID: 001, Name: syslog-rhel63-client1, IP: 138.202.80.162
> > ID: 002, Name: obiwan.usfca.edu, IP: 138.202.81.50
> > ID: 004, Name: luke.usfca.edu, IP: 138.202.80.89
> >
> > ** Press ENTER to return to the main menu.
> >
> > Please note Solaris 10 = ID: 004, Name: luke.usfca.edu, IP: 138.202.80.89
> >
> > Thanks.
> >
> > D.J.
> >
> > On Tue, May 7, 2013 at 12:21 PM, dan (ddp) <[email protected]> wrote:
> >>
> >> You're making this incredibly difficult. This should not be difficult.
> >>
> >> On Tue, May 7, 2013 at 3:12 PM, David Juarez <[email protected]> wrote:
> >> > Hi Dan,
> >> >
> >> > I executed ./install.sh from where the install script is found.
> >> > I noticed this error message from the logs.. very interesting...
> >> >
> >>
> >> All right, forget about the install.sh script. I regret bringing it up.
> >> _*-*_DOES THE server-ip EXIST IN THE AGENT'S OSSEC.CONF?_*-*_
> >>
> >> If not, try adding it.
> >>
> >> >
> >> > bash-4.2# cat ossec.log
> >> > 2013/05/07 11:54:38 ossec-execd: INFO: Started (pid: 28936).
> >> > 2013/05/07 11:54:38 ossec-agentd(1402): ERROR: Authentication key file '/var/ossec/etc/client .keys' not found.
> >> >
> >> > However !!
> >> >
> >> > /var/ossec/etc
> >> > bash-4.2# ls -l client.keys
> >> > -r--r----- 1 root ossec 98 May 7 12:00 client.keys
> >> > bash-4.2#
> >> >
> >> > On Tue, May 7, 2013 at 12:05 PM, dan (ddp) <[email protected]> wrote:
> >> >>
> >> >> On Tue, May 7, 2013 at 3:02 PM, David Juarez <[email protected]> wrote:
> >> >> > Hello Dan,
> >> >> >
> >> >> > I upgraded bash ver 4.2 (Solaris 10) running OSSEC ver 2.7.1 alpha... re installed the OSSEC software... still getting same error message...
> >> >> >
> >> >>
> >> >> When you run "bash ./install.sh" you get the same error you did before when using the solaris shell?
> >> >> Did you try 2.7.1?
> >> >>
> >> >> > Note: key has been imported successfully to the agent..... from the master server...
> >> >> >
> >> >> > bash-4.2# pwd
> >> >> > /var
> >> >> > bash-4.2# date
> >> >> > Tuesday, May 7, 2013 12:03:07 PM PDT
> >> >> > bash-4.2# uname -n
> >> >> > luke
> >> >> > bash-4.2# /var/ossec/bin/ossec-control start
> >> >> > Starting OSSEC HIDS v2.7.1-alpha-1 (by Trend Micro Inc.)...
> >> >> > Deleting PID file '/var/ossec/var/run/ossec-logcollector-28976.pid' not used...
> >> >> > Deleting PID file '/var/ossec/var/run/ossec-agentd-28972.pid' not used...
> >> >> > ossec-execd already running...
> >> >> > Started ossec-agentd...
> >> >> > Started ossec-logcollector...
> >> >> > 2013/05/07 12:03:23 ossec-syscheckd(1210): ERROR: Queue '/var/ossec/queue/ossec/queue' not accessible: 'Destination address required'.
> >> >> > 2013/05/07 12:03:23 ossec-rootcheck(1210): ERROR: Queue '/var/ossec/queue/ossec/queue' not accessible: 'Destination address required'.
> >> >> > 2013/05/07 12:03:31 ossec-syscheckd(1210): ERROR: Queue '/var/ossec/queue/ossec/queue' not accessible: 'Destination address required'.
> >> >> > 2013/05/07 12:03:31 ossec-rootcheck(1210): ERROR: Queue '/var/ossec/queue/ossec/queue' not accessible: 'Destination address required'.
> >> >> > 2013/05/07 12:03:44 ossec-syscheckd(1210): ERROR: Queue '/var/ossec/queue/ossec/queue' not accessible: 'Destination address required'.
> >> >> > 2013/05/07 12:03:44 ossec-rootcheck(1211): ERROR: Unable to access queue: '/var/ossec/queue/ossec/queue'. Giving up..
> >> >> > ossec-syscheckd did not start
> >> >> > bash-4.2#
> >> >> >
> >> >> > #############################################################################
> >> >> >
> >> >> > bash-4.2# cat ossec.log
> >> >> > 2013/05/07 11:54:38 ossec-execd: INFO: Started (pid: 28936).
> >> >> > 2013/05/07 11:54:38 ossec-agentd(1402): ERROR: Authentication key file '/var/ossec/et c/client.keys' not found.
> >> >> > 2013/05/07 11:54:38 ossec-agentd(1750): ERROR: No remote connection configured. Exiti ng.
> >> >> > 2013/05/07 11:54:38 ossec-agentd(4109): ERROR: Unable to start without auth keys. Exi ting.
> >> >> > 2013/05/07 12:00:32 ossec-agentd(1410): INFO: Reading authentication keys file.
> >> >> > 2013/05/07 12:00:35 ossec-syscheckd(1210): ERROR: Queue '/var/ossec/queue/ossec/queue ' not accessible: 'Destination address required'.
> >> >> > 2013/05/07 12:00:35 ossec-rootcheck(1210): ERROR: Queue '/var/ossec/queue/ossec/queue ' not accessible: 'Destination address required'.
> >> >> > 2013/05/07 12:00:41 ossec-logcollector(1210): ERROR: Queue '/var/ossec/queue/ossec/qu eue' not accessible: 'Destination address required'.
> >> >> > 2013/05/07 12:00:41 ossec-logcollector(1211): ERROR: Unable to access queue: '/var/os sec/queue/ossec/queue'. Giving up..
> >> >> > 2013/05/07 12:00:43 ossec-syscheckd(1210): ERROR: Queue '/var/ossec/queue/ossec/queue ' not accessible: 'Destination address required'.
> >> >> > 2013/05/07 12:00:43 ossec-rootcheck(1210): ERROR: Queue '/var/ossec/queue/ossec/queue ' not accessible: 'Destination address required'.
> >> >> > 2013/05/07 12:00:56 ossec-syscheckd(1210): ERROR: Queue '/var/ossec/queue/ossec/queue ' not accessible: 'Destination address required'.
> >> >> > 2013/05/07 12:00:56 ossec-rootcheck(1211): ERROR: Unable to access queue: '/var/ossec /queue/ossec/queue'. Giving up..
> >> >> > 2013/05/07 12:03:20 ossec-agentd(1410): INFO: Reading authentication keys file.
> >> >> > 2013/05/07 12:03:20 ossec-agentd: INFO: No previous counter available for 'luke.usfca .edu'.
> >> >> > 2013/05/07 12:03:20 ossec-agentd: INFO: Assigning counter for agent luke.usfca.edu: ' 0:0'.
> >> >> > 2013/05/07 12:03:20 ossec-agentd: INFO: No previous sender counter.
> >> >> > 2013/05/07 12:03:20 ossec-agentd: INFO: Assigning sender counter: 0:0
> >> >> > 2013/05/07 12:03:23 ossec-syscheckd(1210): ERROR: Queue '/var/ossec/queue/ossec/queue ' not accessible: 'Destination address required'.
> >> >> > 2013/05/07 12:03:23 ossec-rootcheck(1210): ERROR: Queue '/var/ossec/queue/ossec/queue ' not accessible: 'Destination address required'.
> >> >> > 2013/05/07 12:03:29 ossec-logcollector(1210): ERROR: Queue '/var/ossec/queue/ossec/qu eue' not accessible: 'Destination address required'.
> >> >> > 2013/05/07 12:03:29 ossec-logcollector(1211): ERROR: Unable to access queue: '/var/os sec/queue/ossec/queue'. Giving up..
> >> >> > 2013/05/07 12:03:31 ossec-syscheckd(1210): ERROR: Queue '/var/ossec/queue/ossec/queue ' not accessible: 'Destination address required'.
> >> >> > 2013/05/07 12:03:31 ossec-rootcheck(1210): ERROR: Queue '/var/ossec/queue/ossec/queue ' not accessible: 'Destination address required'.
> >> >> > 2013/05/07 12:03:44 ossec-syscheckd(1210): ERROR: Queue '/var/ossec/queue/ossec/queue ' not accessible: 'Destination address required'.
> >> >> > 2013/05/07 12:03:44 ossec-rootcheck(1211): ERROR: Unable to access queue: '/var/ossec /queue/ossec/queue'. Giving up..
> >> >> > bash-4.2#
> >> >> >
> >> >>
> >> >> Does the server-ip exist in the agent' ossec.conf?
> >> >>
> >> >> >
> >> >> > On Tue, May 7, 2013 at 3:29 AM, dan (ddp) <[email protected]> wrote:
> >> >> >>
> >> >> >> Make sure the server-ip made it into the ossec.conf
> >> >> >>
> >> >> >> On May 6, 2013 8:14 PM, "David Juarez" <[email protected]> wrote:
> >> >> >>>
> >> >> >>> Hi Dan,
> >> >> >>>
> >> >> >>> Many Thanks for your quick response.. I have installed OSSEC HIDS v2.7.1-alpha-1 (by Trend Micro Inc.)..., so far installation did not complained. I was able to register the agent (Sol10) on the master/server ... imported the certificate key on the agent, but when attempting to start OSSEC I received the error messages below..
> >> >> >>>
> >> >> >>> any suggestions? I am doing a research as well..
> >> >> >>> Thanks again !!!
> >> >> >>>
> >> >> >>> Kind regards,
> >> >> >>> D.J.
> >> >> >>>
> >> >> >>> bash-3.00# ./ossec-control start
> >> >> >>> Starting OSSEC HIDS v2.7.1-alpha-1 (by Trend Micro Inc.)...
> >> >> >>> ossec-execd already running...
> >> >> >>> Started ossec-agentd...
> >> >> >>> Started ossec-logcollector...
> >> >> >>> 2013/05/06 14:24:57 ossec-syscheckd(1210): ERROR: Queue '/var/ossec/queue/ossec/queue' not accessible: 'Destination address required'.
> >> >> >>> 2013/05/06 14:24:57 ossec-rootcheck(1210): ERROR: Queue '/var/ossec/queue/ossec/queue' not accessible: 'Destination address required'.
> >> >> >>> 2013/05/06 14:25:05 ossec-syscheckd(1210): ERROR: Queue '/var/ossec/queue/ossec/queue' not accessible: 'Destination address required'.
> >> >> >>> 2013/05/06 14:25:05 ossec-rootcheck(1210): ERROR: Queue '/var/ossec/queue/ossec/queue' not accessible: 'Destination address required'.
> >> >> >>> 2013/05/06 14:25:18 ossec-syscheckd(1210): ERROR: Queue '/var/ossec/queue/ossec/queue' not accessible: 'Destination address required'.
> >> >> >>> 2013/05/06 14:25:18 ossec-rootcheck(1211): ERROR: Unable to access queue: '/var/ossec/queue/ossec/queue'. Giving up..
> >> >> >>> ossec-syscheckd did not start
> >> >> >>>
> >> >> >>> On Mon, May 6, 2013 at 1:43 PM, dan (ddp) <[email protected]> wrote:
> >> >> >>>>
> >> >> >>>> Either use bash or try the 2.7.1 alpha. The Solaris shell is ancient.
> >> >> >>>>
> >> >> >>>> On May 6, 2013 2:39 PM, "David Juarez" <[email protected]> wrote:
> >> >> >>>>>
> >> >> >>>>> Hello All -
> >> >> >>>>>
> >> >> >>>>> I am attempting a fresh install of OSSEC HIDS v2.7 in sol 10. I received the following error message..
> >> >> >>>>>
> >> >> >>>>> "./install.sh: syntax error at line 142: `$' unexpected"
> >> >> >>>>>
> >> >> >>>>> any idea?
> >> >> >>>>> I was able to install it successfully on RHEL v6.3..
> >> >> >>>>>
> >> >> >>>>> Any recommendations are greatly appreciated it.
> >> >> >>>>>
> >> >> >>>>> Thanks.
> >> >> >>>>>
> >> >> >>>>> Regards,
> >> >> >>>>> David Juarez

--

---
You received this message because you are subscribed to the Google Groups "ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [email protected].
For more options, visit https://groups.google.com/groups/opt_out.
ossec.conf
Description: Binary data
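
The check dan keeps asking for in this thread (is a server-ip present in the agent's ossec.conf, and is client.keys in place), written out as an added example that is not part of the original messages. The sample files, the 192.0.2.x addresses and the key line are constructed, and the script only matches a plain <server-ip> element inside <client>; it does not interpret XML comments.

```bash
#!/usr/bin/env bash
# Added example: pre-flight check for an OSSEC agent before "ossec-control start".

# Print the first <server-ip> value inside the <client> block (empty if none).
# Plain text matching only: XML comments are not interpreted.
agent_server_ip() {
    sed -n '/<client>/,/<\/client>/p' "$1" 2>/dev/null \
      | sed -n 's|.*<server-ip>[[:space:]]*\([^<[:space:]]*\)[[:space:]]*</server-ip>.*|\1|p' \
      | head -n 1
}

# Return 0 only if the config names a server and the key file is non-empty.
check_agent() {
    local conf=$1 keys=$2 rc=0 ip
    ip=$(agent_server_ip "$conf")
    if [ -n "$ip" ]; then
        echo "OK:   <server-ip> is $ip"
    else
        echo "FAIL: no <server-ip> in the <client> block of $conf"
        rc=1
    fi
    if [ -s "$keys" ]; then
        echo "OK:   $keys present"
    else
        echo "FAIL: $keys missing or empty"
        rc=1
    fi
    return "$rc"
}

# Demo on constructed files (not the poster's real configuration).
demo() {
    local d
    d=$(mktemp -d)
    printf '%s\n' '<ossec_config>' '  <client>' '  </client>' '</ossec_config>' \
        > "$d/no-server.conf"
    printf '%s\n' '<ossec_config>' '  <client>' \
        '    <server-ip>192.0.2.10</server-ip>' '  </client>' '</ossec_config>' \
        > "$d/ok.conf"
    printf '%s\n' '004 agent-example 192.0.2.20 constructed-key-material' > "$d/client.keys"
    check_agent "$d/no-server.conf" "$d/client.keys" || echo "=> fix ossec.conf first"
    check_agent "$d/ok.conf" "$d/client.keys" && echo "=> ready to start"
    rm -rf "$d"
}
demo
```

On a real agent, call check_agent /var/ossec/etc/ossec.conf /var/ossec/etc/client.keys instead of demo.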
