On Wed, Jun 18, 2014 at 11:53 AM, David j <[email protected]> wrote: > Hi, > > I'm really a newbie in this field and I'm posting this to see if I installed > a standalone version > for a managed server correctly. > > The server is Centos 6.5. > > I took the following steps: > > # wget -q -O - https://www.atomicorp.com/installers/atomic | sh > # yum install ossec-hids ossec-hids-server > > I then ran /var/ossec/bin/ossec-configure > > From what I read I had to select local for a standalone that is a server is > its own agent so to speak. > > I then started it up. > > I then checked the log the ossec.log and found a few errors: > > 2014/06/18 10:52:38 ossec-analysisd(1210): ERROR: Queue '/queue/alerts/ar' > not accessible: 'Connection refused'. > 2014/06/18 10:52:38 ossec-analysisd(1301): ERROR: Unable to connect to > active response queue. > 2014/06/18 10:52:38 ossec-analysisd: INFO: Connected to > '/queue/alerts/execq' (exec queue) > > and > > 2014/06/18 10:55:48 ossec-execd: INFO: Active response command not present: > '/var/ossec/active-response/bin/restart-ossec.cmd'. > Not using it on this system. >
If you're not using active response, ignore these messages. > I checked the docs and it said something about > > http://ossec-docs.readthedocs.org/en/latest/faq/unexpected.html#check-queue-alerts-ar > > adding an agent using manage_agent > > I therefore run the command agent_control -l > > It showed one agent: > > OSSEC HIDS agent_control. List of available agents: > ID: 000, Name: 999999-www.myserver.com (server), IP: 127.0.0.1, > Active/Local > > I assume this is the agent I need to add. > > I ran manage_agent and select A to add the local agent. > > I restarted ossec and the error went away. > > Could someone confirm this is the correct way to install the standalone. (If > so then > maybe it will help someone else in the future since I couldn't find it > documented.) > I have no idea if your method of installation was correct. You installed the atomic corp version of OSSEC. They probably have documentation for their packages. > Thank-you in advance. > > David j. > > -- > > --- > You received this message because you are subscribed to the Google Groups > "ossec-list" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > For more options, visit https://groups.google.com/d/optout. -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
