I was able to fix these errors by doing the following: 1. Set the correct IP address for <server-ip> in ossec.conf 2. Changed the permission of client.keys to 644 3. Removed the /var/ossec/etc/shared/agent.conf file
On Thursday, June 11, 2015 at 10:52:49 AM UTC-6, H Le wrote: > > Hi, > > I was trying to install ossec-hids-client on my CentOS 6 box and used > agent-auth to get keys from the server. Note that I am using the latest > RPMs (2.8.1-48 > <http://www5.atomicorp.com/channels/ossec/centos/6/x86_64/RPMS/ossec-hids-client-2.8.1-48.el6.art.x86_64.rpm> > ) > > yum -y install ossec-hids ossec-hids-client > /var/ossec/bin/agent-auth -m <server-ip> -p 1515 -d & > /var/ossec/bin/ossec-control restart > > I got the following errors: > > Starting OSSEC HIDS v2.8 (by Trend Micro Inc.)... > Started ossec-execd... > 2015/06/11 16:00:42 ossec-agentd: INFO: Using notify time: 600 and max > time to reconnect: 1800 > Started ossec-agentd... > 2015/06/11 16:00:42 ossec-logcollector(1103): ERROR: Unable to open file > '/queue/ossec/.agent_info'. > Started ossec-logcollector... > 2015/06/11 16:00:42 ossec-config(1756): ERROR: Duplicated directory given: > '/etc'. > 2015/06/11 16:00:42 ossec-config(1756): ERROR: Duplicated directory given: > '/bin'. > 2015/06/11 16:00:42 ossec-syscheckd(1103): ERROR: Unable to open file > '/queue/ossec/.agent_info'. > 2015/06/11 16:00:42 ossec-syscheckd(1103): ERROR: Unable to open file > '/queue/ossec/.agent_info'. > 2015/06/11 16:00:45 ossec-syscheckd(1210): ERROR: Queue > '/var/ossec/queue/ossec/queue' not accessible: 'Connection refused'. > 2015/06/11 16:00:45 ossec-rootcheck(1210): ERROR: Queue > '/var/ossec/queue/ossec/queue' not accessible: 'Connection refused'. > 2015/06/11 16:00:53 ossec-syscheckd(1210): ERROR: Queue > '/var/ossec/queue/ossec/queue' not accessible: 'Connection refused'. > 2015/06/11 16:00:53 ossec-rootcheck(1210): ERROR: Queue > '/var/ossec/queue/ossec/queue' not accessible: 'Connection refused'. > 2015/06/11 16:01:06 ossec-syscheckd(1210): ERROR: Queue > '/var/ossec/queue/ossec/queue' not accessible: 'Connection refused'. > 2015/06/11 16:01:06 ossec-rootcheck(1211): ERROR: Unable to access queue: > '/var/ossec/queue/ossec/queue'. Giving up.. > ossec-syscheckd did not start > > The same errors happened 2.8.1-47 and the latest of 2.7. Has anyone seen > this issues? And could you please show how to fix the errors? > Thanks. > > -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
