On Tue, Aug 12, 2014 at 11:36 AM, dan (ddp) <[email protected]> wrote: > On Tue, Aug 12, 2014 at 11:22 AM, Andreas Fantides > <[email protected]> wrote: >> Hi Dan, >> >> I run the test and can see that it logs onto the HP Switch and you get the >> same message displayed that you would if you used PuTTy to connect, however >> it then seems to kick you out and ask for the password again?...... >> >> I've attached another screenshot. >> > > Did you try typing the password in? If so, it doesn't look like it's > catching the password prompt properly, the timeout happens because > there is no authentication taking place and the ssh connection times > out. Could you get rid of the HP advertisement to see if that helps? > You can also add the "-d" flag to expect to see if that provides more > useful information. >
I just setup a linux box to look similar (same advertisement, the prompt looks basically the same). It works fine for me. Make sure your /var/ossec/agentlessd/.passlist looks something like: [email protected]|YEsTaS87| If you run `ssh [email protected] "show config"` do you get the output you expect (after typing in the password)? About how long does it take to timeout? > >> >> >> On Tuesday, 12 August 2014 14:44:21 UTC+1, dan (ddpbsd) wrote: >>> >>> On Tue, Aug 12, 2014 at 9:40 AM, Andreas Fantides >>> <[email protected]> wrote: >>> > Hi Dan, >>> > >>> > I have moved all of Ossec to the /var/ossec directory and confirmed that >>> > everything is started, working and reporting, but am still having no >>> > luck >>> > with agentless. >>> > >>> > I have tried your command and received the output in the attachment. Any >>> > ideas? >>> > >>> >>> >>> Try `expect agentless/ssh_generic_diff HOST` or something like that. >>> I thinkn that's what you wanted to run. >>> >>> > Many thanks >>> > Andreas >>> > >>> > >>> > On Tuesday, 12 August 2014 13:33:42 UTC+1, Andreas Fantides wrote: >>> >> >>> >> Cheers Dan, I think you might be on to something here, I'll test and >>> >> report back.... >>> >> >>> >> On Tuesday, 12 August 2014 12:11:27 UTC+1, dan (ddpbsd) wrote: >>> >>> >>> >>> On Tue, Aug 12, 2014 at 6:54 AM, Andreas Fantides >>> >>> <[email protected]> wrote: >>> >>> > Hi Dan, and thanks for the information. How do I run manually >>> >>> > though? >>> >>> > >>> >>> >>> >>> `cd /var/ossec && expect agentless/script` >>> >>> >>> >>> I think it expects to be run from /var/ossec. >>> >>> >>> >>> > I have attached my expect script and can't see anything wrong, but >>> >>> > was >>> >>> > wondering if anyone could take a look? >>> >>> > >>> >>> > Cheers. >>> >>> > >>> >>> > >>> >>> > On Monday, 11 August 2014 17:49:28 UTC+1, dan (ddpbsd) wrote: >>> >>> >> >>> >>> >> On Sun, Aug 10, 2014 at 9:20 AM, Andreas Fantides >>> >>> >> <[email protected]> wrote: >>> >>> >> > I've been really struggling to get agentless monitoring set up >>> >>> >> > and >>> >>> >> > working >>> >>> >> > with HP Procurve 2524 switches. >>> >>> >> > >>> >>> >> > I have done the following: >>> >>> >> > >>> >>> >> > · Enabled agentless on the Ossec server. >>> >>> >> > >>> >>> >> > · Registered the switch using a password like this >>> >>> >> > [email protected] Password (I am assuming that you place the >>> >>> >> > user/login >>> >>> >> > name to ssh into the switch before the @, and the password is the >>> >>> >> > ssh >>> >>> >> > password) >>> >>> >> > >>> >>> >> > · Set Ossec config for ssh_generic_diff, with >>> >>> >> > [email protected] as >>> >>> >> > the host, argument is show config >>> >>> >> > >>> >>> >> > · I have enabled logging to my server on the switch >>> >>> >> > >>> >>> >> > · Added my server as an ip-authorised manager on the >>> >>> >> > switch >>> >>> >> > >>> >>> >> > · Enabled ssh on the switch (can PuTTy in) >>> >>> >> > >>> >>> >> > Yet after all this agentless doesn't want to work and in the >>> >>> >> > ossec.log >>> >>> >> > it >>> >>> >> > says test passed for ssh_generic_diff, but then shows that >>> >>> >> > agentless >>> >>> >> > times >>> >>> >> > out and wont connect to the switch. >>> >>> >> > >>> >>> >> > Can anyone help? >>> >>> >> > >>> >>> >> >>> >>> >> Try running it manually. I'm guessing the login doesn't quite look >>> >>> >> the >>> >>> >> way "expect" expects. >>> >>> >> I don't know a whole lot about it, but I think the list could help >>> >>> >> to >>> >>> >> get it working. Knowing what the SSH login looks like, and what >>> >>> >> commands you need run would help. >>> >>> >> >>> >>> >> > -- >>> >>> >> > >>> >>> >> > --- >>> >>> >> > You received this message because you are subscribed to the >>> >>> >> > Google >>> >>> >> > Groups >>> >>> >> > "ossec-list" group. >>> >>> >> > To unsubscribe from this group and stop receiving emails from it, >>> >>> >> > send >>> >>> >> > an >>> >>> >> > email to [email protected]. >>> >>> >> > For more options, visit https://groups.google.com/d/optout. >>> >>> > >>> >>> > -- >>> >>> > >>> >>> > --- >>> >>> > You received this message because you are subscribed to the Google >>> >>> > Groups >>> >>> > "ossec-list" group. >>> >>> > To unsubscribe from this group and stop receiving emails from it, >>> >>> > send >>> >>> > an >>> >>> > email to [email protected]. >>> >>> > For more options, visit https://groups.google.com/d/optout. >>> > >>> > -- >>> > >>> > --- >>> > You received this message because you are subscribed to the Google >>> > Groups >>> > "ossec-list" group. >>> > To unsubscribe from this group and stop receiving emails from it, send >>> > an >>> > email to [email protected]. >>> > For more options, visit https://groups.google.com/d/optout. >> >> -- >> >> --- >> You received this message because you are subscribed to the Google Groups >> "ossec-list" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected]. >> For more options, visit https://groups.google.com/d/optout. -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
