On Mon, Nov 25, 2013 at 10:13 AM, Andrew Strozyk <[email protected]> wrote:
> We actually are running 2.7.1. And since I am new to ossec I did not create
> any specific remoted configuration. I just used all the defaults.
>
And that configuration would be what exactly? (help me out so I don't
have to do a fresh install just to see the final configuration)

If you run `/var/ossec/bin/ossec-remoted -d` are there any more useful
logs (possibly in /var/ossec/logs/ossec.log)?
Does it crash immediately?
Is udp port 1514 currently occupied?
Can you run it under gdb?

gdb /var/ossec/bin/ossec-remoted
set follow-fork-mode child
run -d
CRASH
bt

> On Friday, November 22, 2013 2:58:07 PM UTC-5, dan (ddpbsd) wrote:
>>
>> On Fri, Nov 22, 2013 at 2:47 PM, Andrew Strozyk <[email protected]>
>> wrote:
>> > Hi,
>> >
>> > I am running into some problems with ossec. I am testing out some HIDS
>> > pilots at my work as we are in need of one for our systems. I am very
>> > interested in using ossec but I have been having problems connecting the
>> > agents to the server. I checked on the server in /var/log/messages and
>> > this is the output I get:
>> >
>> > [3886011.217396] ossec-remoted[20994]: segfault at 61 ip 0000000000420002 sp 00007fff6b9e5ca0 error 4 in ossec-remoted[400000+4b000]
>> >
>> > The remoted service keeps crashing. I restart it manually using
>> > /var/ossec/bin/ossec-control restart and then the above error shows up.
>> > We currently use openSUSE-12.3 on all our systems.
>> >
>>
>> Try 2.7.1. Also, please provide your remoted configuration.
>>
>> > Just for more information, the agent is sending this error back as well:
>> >
>> > 2013/11/22 14:44:28 ossec-agentd: INFO: Trying to connect to server (10.100.90.58:1514).
>> > 2013/11/22 14:44:28 ossec-agentd: INFO: Using IPv4 for: 10.100.90.58 .
>> > 2013/11/22 14:44:38 ossec-agentd(1218): ERROR: Unable to send message to server.
>> > 2013/11/22 14:44:50 ossec-agentd(1218): ERROR: Unable to send message to server.
>> > 2013/11/22 14:44:51 ossec-agentd(4101): WARN: Waiting for server reply (not started). Tried: '10.100.90.58'.
>> >
>> > 10.100.90.58 is the server's correct IP address.
>> >
>> > Appreciate any insight on this. Thanks!
>> >
>> > --
>> >
>> > ---
>> > You received this message because you are subscribed to the Google
>> > Groups "ossec-list" group.
>> > To unsubscribe from this group and stop receiving emails from it, send
>> > an email to [email protected].
>> > For more options, visit https://groups.google.com/groups/opt_out.
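
The kernel line quoted in the thread can be decoded before attaching gdb. The following is an added example, not part of the original messages and not OSSEC code: a POSIX shell function that parses the `segfault at ... error N in module[base+size]` line. It assumes an x86-64 Linux kernel (hex error code with the x86 page-fault bit layout) and, as a heuristic, treats a fault address inside the first 4096 bytes as a likely NULL-pointer dereference.

```sh
#!/bin/sh
# Decode a Linux "segfault at ..." kernel log line (x86 page-fault error bits assumed).

# Kernel line quoted in the thread, rejoined onto one line.
SAMPLE='[3886011.217396] ossec-remoted[20994]: segfault at 61 ip 0000000000420002 sp 00007fff6b9e5ca0 error 4 in ossec-remoted[400000+4b000]'

# decode_segfault LINE: prints key=value fields; fails if LINE does not match.
# The body is a subshell, so its variables do not leak into the caller.
decode_segfault() (
    # Extract: fault address, instruction pointer, error code, module, map base, map size.
    fields=$(printf '%s\n' "$1" | sed -n \
        's/.*segfault at \([0-9a-f]*\) ip \([0-9a-f]*\) sp [0-9a-f]* error \([0-9a-f]*\) in \([^[]*\)\[\([0-9a-f]*\)+\([0-9a-f]*\)].*/\1 \2 \3 \4 \5 \6/p')
    [ -n "$fields" ] || { echo "not a segfault line" >&2; exit 1; }
    set -- $fields
    addr=$((0x$1)); ip=$((0x$2)); err=$((0x$3)); module=$4
    base=$((0x$5)); size=$((0x$6))

    # x86 page-fault error code: bit 0 = protection violation (else page not
    # present), bit 1 = write (else read), bit 2 = user mode, bit 4 = instruction fetch.
    cause=page-not-present; access=read; mode=kernel
    if [ $((err & 1)) -ne 0 ]; then cause=protection-violation; fi
    if [ $((err & 2)) -ne 0 ]; then access=write; fi
    if [ $((err & 16)) -ne 0 ]; then access=instruction-fetch; fi
    if [ $((err & 4)) -ne 0 ]; then mode=user; fi

    printf 'module=%s\nfault_addr=0x%x\nip=0x%x\n' "$module" "$addr" "$ip"
    # Offset of the faulting instruction inside the mapping named in the log line.
    if [ "$ip" -ge "$base" ] && [ "$ip" -lt $((base + size)) ]; then
        printf 'offset=0x%x\n' $((ip - base))
    else
        echo 'offset=outside-mapping'
    fi
    printf 'access=%s\ncause=%s\nmode=%s\n' "$access" "$cause" "$mode"
    # Heuristic (assumption): an address in the first 4 KiB page usually means
    # a field was read through a NULL or near-NULL pointer.
    if [ "$addr" -ge 0 ] && [ "$addr" -lt 4096 ]; then
        echo 'near_null=yes'
    else
        echo 'near_null=no'
    fi
)

decode_segfault "$SAMPLE"
```

If the binary was built with debug symbols, `addr2line -f -e /var/ossec/bin/ossec-remoted` given the reported `ip` can name the faulting function; the gdb backtrace requested in the reply gives the same information with the full call chain.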
