Oh damn .. it did take a while .. I pushed out the changes last evening, well this morning that I checked, the hash matches.
I did not realize it would take that long for it to propagate to remote hosts.

The other steps that were suggested here - checking permissions and merged.mg file .. as well as running verify-agent-config, are good things to know for troubleshooting. Leaving these comments here, so they could be helpful for others (if they need help).

Thanks for this
AJ

On Wednesday, March 5, 2014 5:09:49 AM UTC-8, dan (ddpbsd) wrote:
>
> On Tue, Mar 4, 2014 at 7:06 PM, Anuj AJ <[email protected]> wrote:
> > Greetings everyone.
> >
> > So as the subject says, i have not been able to push out configs from ossec
> > server to the remote hosts.
> >
> > I followed the things in the docs (ossec site)
> > http://ossec-docs.readthedocs.org/en/latest/manual/agent/agent-configuration.html
> >
> > Here is my session
> >
> > After making changes to /var/ossec/etc/shared/agent.conf
> >
> > root@exec02:/var/ossec/bin# service ossec restart
> > Killing ossec-monitord ..
> > Killing ossec-logcollector ..
> > Killing ossec-syscheckd ..
> > Killing ossec-analysisd ..
> > Killing ossec-maild ..
> > Killing ossec-execd ..
> > Killing ossec-csyslogd ..
> > OSSEC HIDS v2.6 Stopped
> > Starting OSSEC HIDS v2.6 (by Trend Micro Inc.)...
> > ossec-analysisd: Configuration error. Exiting.
> > Started ossec-csyslogd...
> > Started ossec-maild...
> > Started ossec-execd...
> > Started ossec-analysisd...
> > Started ossec-logcollector...
> > Started ossec-syscheckd...
> > Started ossec-monitord...
> > Completed.
> >
> > root@exec02:/var/ossec/bin#
> > root@exec02:/var/ossec/bin# md5sum /var/ossec/etc/shared/agent.conf
> > 91441e8cc7d4074efe667ff87d8ca689 /var/ossec/etc/shared/agent.conf
> > root@exec02:/var/ossec/bin#
> > root@exec02:/var/ossec/bin#
> > root@exec02:/var/ossec/bin#
> > root@exec02:/var/ossec/bin#
> > root@exec02:/var/ossec/bin# ./agent_control -i 37
> >
> > OSSEC HIDS agent_control. Agent information:
> > Agent ID: 37
> > Agent Name: vault2.sf1.us.billfloat.com
> > IP address: 10.0.6.20
> > Status: Active
> >
> > Operating system: Linux vault2 2.6.32-24-server #43-Ubuntu SMP Thu Sep..
> > Client version: OSSEC HIDS v2.7.1 / 5e9e0c5a4c519883434627cfdb8f059b
> > Last keep alive: Tue Mar 4 15:56:38 2014
> >
> > Syscheck last started at: Tue Mar 4 15:57:43 2014
> > Rootcheck last started at: Tue Mar 4 13:55:32 2014
> >
> >
> > root@exec02:/var/ossec/bin# ./agent_control -R 37
> >
> > OSSEC HIDS agent_control: Restarting agent: 37
> > root@exec02:/var/ossec/bin#
> > root@exec02:/var/ossec/bin#
> > root@exec02:/var/ossec/bin#
> > root@exec02:/var/ossec/bin#
> > root@exec02:/var/ossec/bin# ./agent_control -i 37
> >
> > OSSEC HIDS agent_control. Agent information:
> > Agent ID: 37
> > Agent Name: vault2.sf1.us.billfloat.com
> > IP address: 10.0.6.20
> > Status: Active
> >
> > Operating system: Linux vault2 2.6.32-24-server #43-Ubuntu SMP Thu Sep..
> > Client version: OSSEC HIDS v2.7.1 / 5e9e0c5a4c519883434627cfdb8f059b
> > Last keep alive: Tue Mar 4 15:58:27 2014
> >
> > Syscheck last started at: Tue Mar 4 15:57:43 2014
> > Rootcheck last started at: Tue Mar 4 13:55:32 2014
> > root@exec02:/var/ossec/bin# ./agent_control -i 37
> >
> > OSSEC HIDS agent_control. Agent information:
> > Agent ID: 37
> > Agent Name: vault2.sf1.us.billfloat.com
> > IP address: 10.0.6.20
> > Status: Active
> >
> > Operating system: Linux vault2 2.6.32-24-server #43-Ubuntu SMP Thu Sep..
> > Client version: OSSEC HIDS v2.7.1 / 5e9e0c5a4c519883434627cfdb8f059b
> > Last keep alive: Tue Mar 4 15:58:27 2014
> >
> > Syscheck last started at: Tue Mar 4 15:57:43 2014
> > Rootcheck last started at: Tue Mar 4 13:55:32 2014
> >
> >
> > As you can see, the agent client version doesn't really change.
> >
> > Hoping to get some help.
> >
>
> How long did you wait? It can take a while.
> Check the permissions of the files on the agent and the server.
> Include the merged.mg file on both.
>
> > Thanks
> > AJ
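
Added example, not part of the original messages: a small shell helper for the check done by hand in the session above, comparing the md5sum of the server's agent.conf with the hash after the "/" in the "Client version" line of agent_control -i, and polling until they agree. The function names, the AGENT_CONTROL and POLL_SECS variables, the polling defaults and the sample output are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Follows the session above: the md5sum of
# the server's agent.conf is compared with the hash after "/" in "Client version".
AGENT_CONTROL=${AGENT_CONTROL:-/var/ossec/bin/agent_control}

# Constructed sample of `agent_control -i` output; the hash is the MD5 of an empty file.
SAMPLE='   Agent ID:            37
   Status:              Active
   Client version:      OSSEC HIDS v2.7.1 / d41d8cd98f00b204e9800998ecf8427e
   Last keep alive:     Tue Mar 4 15:58:27 2014'

# Read agent_control -i output on stdin, print the 32-hex hash the agent reports.
reported_hash() {
    sed -n 's|^ *Client version:.*/ *\([0-9a-f]\{32\}\) *$|\1|p'
}

# sync_status CONF < agent_control output
# Returns 0 (in-sync), 1 (agent still on an older config), 2 (cannot tell).
sync_status() {
    ss_conf=$1
    [ -r "$ss_conf" ] || { echo "unknown: cannot read $ss_conf"; return 2; }
    ss_want=$(md5sum "$ss_conf" | cut -d' ' -f1)
    ss_got=$(reported_hash)
    [ -n "$ss_got" ] || { echo "unknown: no hash in Client version"; return 2; }
    if [ "$ss_got" = "$ss_want" ]; then echo "in-sync"; return 0; fi
    echo "pending: agent reports $ss_got, server has $ss_want"
    return 1
}

# wait_for_sync AGENT_ID [CONF] [TRIES]: poll until the agent reports the new hash.
# The 30 s interval and 60 tries are assumed defaults; the thread gives no figure.
wait_for_sync() {
    ws_id=$1; ws_conf=${2:-/var/ossec/etc/shared/agent.conf}; ws_tries=${3:-60}
    while [ "$ws_tries" -gt 0 ]; do
        "$AGENT_CONTROL" -i "$ws_id" | sync_status "$ws_conf" && return 0
        ws_tries=$((ws_tries - 1))
        sleep "${POLL_SECS:-30}"
    done
    return 1
}
```

On the manager, wait_for_sync 37 would replace re-running ./agent_control -i 37 by hand after the restart.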
