Dan,

Doc is minimal from what I could find.
It's suggested on the ossec.net web site http://www.ossec.net/?page_id=19 using yum.

I'll give it a try and if not I'll start over.

Thanks

David j.

On Wednesday, June 18, 2014 11:53:18 AM UTC-4, David j wrote:
>
> Hi,
>
> I'm really a newbie in this field and I'm posting this to see if I
> installed a standalone version for a managed server correctly.
>
> The server is CentOS 6.5.
>
> I took the following steps:
>
> # wget -q -O - https://www.atomicorp.com/installers/atomic | sh
> # yum install ossec-hids ossec-hids-server
>
> I then ran /var/ossec/bin/ossec-configure
>
> From what I read I had to select local for a standalone, that is, a server
> is its own agent so to speak.
>
> I then started it up.
>
> I then checked the log, ossec.log, and found a few errors:
>
> 2014/06/18 10:52:38 ossec-analysisd(1210): ERROR: Queue '/queue/alerts/ar' not accessible: 'Connection refused'.
> 2014/06/18 10:52:38 ossec-analysisd(1301): ERROR: Unable to connect to active response queue.
> 2014/06/18 10:52:38 ossec-analysisd: INFO: Connected to '/queue/alerts/execq' (exec queue)
>
> and
>
> 2014/06/18 10:55:48 ossec-execd: INFO: Active response command not present: '/var/ossec/active-response/bin/restart-ossec.cmd'.
> Not using it on this system.
>
> I checked the docs and it said something about
>
> http://ossec-docs.readthedocs.org/en/latest/faq/unexpected.html#check-queue-alerts-ar
>
> adding an agent using manage_agent
>
> I therefore ran the command agent_control -l
>
> It showed one agent:
>
> OSSEC HIDS agent_control. List of available agents:
> ID: 000, Name: 999999-www.myserver.com (server), IP: 127.0.0.1, Active/Local
>
> I assume this is the agent I need to add.
>
> I ran manage_agent and selected A to add the local agent.
>
> I restarted ossec and the error went away.
>
> Could someone confirm this is the correct way to install the standalone?
> (If so then maybe it will help someone else in the future since I couldn't
> find it documented.)
>
> Thank-you in advance.
>
> David j.
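
The check described in the message (errors in ossec.log before the restart, none after) can be scripted. This is an added example, not part of the original post or of OSSEC itself; the names `parse`, `errors_since` and `SAMPLE` are hypothetical, and it assumes the line layout seen in the quoted excerpts, with any line lacking a timestamp treated as a continuation of the previous entry.

```python
import re
from collections import Counter

# Line layout as seen in the ossec.log excerpts quoted in the post:
#   2014/06/18 10:52:38 ossec-analysisd(1210): ERROR: message
# The "(code)" part is absent on some lines.
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) "
    r"(?P<daemon>[\w-]+)(?:\((?P<code>\d+)\))?: "
    r"(?P<level>[A-Z]+): (?P<msg>.*)$"
)

def parse(lines):
    """Yield one dict per log entry; untimestamped lines extend the previous entry."""
    entry = None
    for raw in lines:
        m = LINE_RE.match(raw.rstrip("\n"))
        if m:
            if entry:
                yield entry
            entry = m.groupdict()
        elif entry and raw.strip():
            entry["msg"] += " " + raw.strip()
    if entry:
        yield entry

def errors_since(lines, since):
    """Count ERROR entries per (daemon, code) logged at or after `since`."""
    counts = Counter()
    for e in parse(lines):
        # Fixed-width timestamps compare correctly as plain strings.
        if e["level"] == "ERROR" and e["ts"] >= since:
            counts[(e["daemon"], e["code"])] += 1
    return counts

# Constructed sample: the log lines quoted in the post.
SAMPLE = """\
2014/06/18 10:52:38 ossec-analysisd(1210): ERROR: Queue '/queue/alerts/ar' not accessible: 'Connection refused'.
2014/06/18 10:52:38 ossec-analysisd(1301): ERROR: Unable to connect to active response queue.
2014/06/18 10:52:38 ossec-analysisd: INFO: Connected to '/queue/alerts/execq' (exec queue)
2014/06/18 10:55:48 ossec-execd: INFO: Active response command not present: '/var/ossec/active-response/bin/restart-ossec.cmd'.
Not using it on this system.
""".splitlines()

if __name__ == "__main__":
    for key, n in errors_since(SAMPLE, "2014/06/18 00:00:00").items():
        print(key, n)
```

Passing the time of the last restart as `since` shows whether any ERROR entries were logged after it.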
