Hi, ossec-remoted should start by itself; if not, it is usually because you don't have any agents added. Try to run bin/manage_agents, add an example agent, restart OSSEC and remoted should start.
Check client.keys to verify if this "example agent" was added. Check permissions of folders etc/ and queue/.

On Wednesday, February 3, 2016 at 5:57:44 AM UTC+1, sandeep wrote:
>
> Hi Santiago,
>
> Thanks for the reply.
>
> I removed all the old files from the path you mentioned and restarted both master and agent services. Below are the logs I see -
>
> On Master -
> 2016/02/03 04:50:43 ossec-remoted(1408): ERROR: Invalid ID for the source ip: 'xxx.xxx.xxx.xxx'.
> 2016/02/03 04:50:49 ossec-remoted(1408): ERROR: Invalid ID for the source ip: 'xxx.xxx.xxx.xxx'.
>
> On Agent -
> 2016/02/03 04:48:35 ossec-agentd(4101): WARN: Waiting for server reply (not started). Tried: 'ossec.druva.com/yyy.yyy.yyy.yyy'.
> 2016/02/03 04:49:31 ossec-agentd: INFO: Trying to connect to server (ossec.druva.com/yyy.yyy.yyy.yyy:1514).
> 2016/02/03 04:49:31 ossec-agentd: INFO: Using IPv4 for: yyy.yyy.yyy.yyy.
>
> I am trying this on AWS EC2 setup. Port 1514 is open and the server is listening on the same UDP port. OS is Ubuntu 14.04 LTS, installation is done through repository on both master and agent.
>
> One more observation: when I restart the ossec service, all the services come up without an issue but ossec-remoted doesn't start. I have to run the "./ossec-remoted" command from the /bin directory every time I do a service restart.
>
> On Wed, Feb 3, 2016 at 12:28 AM, Santiago Bassett <[email protected]> wrote:
>
>> Hi Sandeep,
>>
>> those issues are probably not related to each other. Removing the client.keys file, and the files in queue/rids, queue/agent-info, queue/syscheck and queue/rootcheck should be enough.
>>
>> Any error message in your agent or manager log files?
>>
>> On Mon, Feb 1, 2016 at 7:19 AM, sandeep <[email protected]> wrote:
>>
>>> Hi,
>>>
>>> what should be the approach to delete all agents and respected entries to start from scratch?
>>>
>>> I have an ossec server and 50+ agents which were in 'inactive' state. I decided to upgrade the server and client version (start as fresh). I moved client.keys and all files from rids directory and added one new client manually, but it fails to communicate to server.
>>>
>>> --
>>> You received this message because you are subscribed to the Google Groups "ossec-list" group.
>>> To unsubscribe from this group and stop receiving emails from it, send an email to [email protected].
>>> For more options, visit https://groups.google.com/d/optout.
>
> --
> Regards,
> Sandeep
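A check related to the "Invalid ID for the source ip" errors quoted in this thread, as an added example that is not part of any poster's message: it pulls the source addresses out of remoted's 1408 log lines and lists which client.keys entries cover each one. The client.keys layout (id, name, IP/CIDR/any, key) is an assumption of this example, and the sample log lines, agent names and keys are constructed.

```python
import ipaddress
import re

# Constructed sample data (not from the thread). Assumed client.keys layout:
# "<id> <name> <ip | cidr | any> <key>"; the keys here are placeholders.
SAMPLE_KEYS = """\
001 web-01 10.0.1.15 PLACEHOLDER_KEY_1
002 batch 10.0.2.0/24 PLACEHOLDER_KEY_2
"""
SAMPLE_LOG = """\
2016/02/03 04:50:43 ossec-remoted(1408): ERROR: Invalid ID for the source ip: '203.0.113.7'.
2016/02/03 04:50:49 ossec-remoted(1408): ERROR: Invalid ID for the source ip: '10.0.2.9'.
"""

# Matches the manager-side error shown in the thread and captures the address.
ERR_1408 = re.compile(
    r"ossec-remoted\(1408\): ERROR: Invalid ID for the source ip: '([^']+)'"
)


def parse_client_keys(text):
    """Return (id, name, ip_spec) for every well-formed four-field line."""
    entries = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 4:
            agent_id, name, ip_spec, _key = parts  # the key is never reported
            entries.append((agent_id, name, ip_spec))
    return entries


def covers(ip_spec, source_ip):
    """True if an entry's address field (any, single IP or CIDR) covers source_ip."""
    if ip_spec.lower() == "any":
        return True
    try:
        network = ipaddress.ip_network(ip_spec, strict=False)
        return ipaddress.ip_address(source_ip) in network
    except ValueError:  # masked or malformed address in log or keys file
        return False


def audit(log_text, keys_text):
    """Map each rejected source address to the agents whose entry covers it."""
    entries = parse_client_keys(keys_text)
    return {
        ip: [f"{aid} {name}" for aid, name, spec in entries if covers(spec, ip)]
        for ip in ERR_1408.findall(log_text)
    }


if __name__ == "__main__":
    for ip, agents in audit(SAMPLE_LOG, SAMPLE_KEYS).items():
        print(ip, "->", agents or "no client.keys entry covers this address")
```

An address with an empty list is one the manager has no entry for, which on a NATed setup is worth comparing against the address the agent was registered with.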
