Hi, I'm really a newbie in this field and I'm posting this to see if I installed a standalone version for a managed server correctly.
The server is CentOS 6.5. I took the following steps:

    # wget -q -O - https://www.atomicorp.com/installers/atomic | sh
    # yum install ossec-hids ossec-hids-server

I then ran

    /var/ossec/bin/ossec-configure

From what I read, I had to select local for a standalone, that is, a server is its own agent, so to speak. I then started it up.

I then checked the log, ossec.log, and found a few errors:

    2014/06/18 10:52:38 ossec-analysisd(1210): ERROR: Queue '/queue/alerts/ar' not accessible: 'Connection refused'.
    2014/06/18 10:52:38 ossec-analysisd(1301): ERROR: Unable to connect to active response queue.
    2014/06/18 10:52:38 ossec-analysisd: INFO: Connected to '/queue/alerts/execq' (exec queue)

and

    2014/06/18 10:55:48 ossec-execd: INFO: Active response command not present: '/var/ossec/active-response/bin/restart-ossec.cmd'. Not using it on this system.

I checked the docs and it said something about
http://ossec-docs.readthedocs.org/en/latest/faq/unexpected.html#check-queue-alerts-ar
adding an agent using manage_agent.

I therefore ran the command

    agent_control -l

It showed one agent:

    OSSEC HIDS agent_control. List of available agents:
       ID: 000, Name: 999999-www.myserver.com (server), IP: 127.0.0.1, Active/Local

I assume this is the agent I need to add. I ran manage_agent and selected A to add the local agent. I restarted ossec and the error went away.

Could someone confirm this is the correct way to install the standalone? (If so, then maybe it will help someone else in the future, since I couldn't find it documented.)

Thank you in advance.

David j.
