On Tue, May 24, 2016 at 9:15 AM, venkat swaminathan <[email protected]> wrote:
> Yes, I did add client in server machine and stored the keydata in
> client.keys

Did you import the key on the agent? `/var/ossec/bin/manage_agents` and the "i" option (I think).

> However, if analysisd is not required, what is causing the
> "ossec-syscheckd(1210): ERROR: Queue '/opt/ossecData/queue/ossec/queue' "

I believe the agent processes connect to ossec-agentd. So try starting that manually:

`/var/ossec/bin/ossec-agentd -df`

That should put it in debug mode and run it in the foreground. If it has any errors they should be printed to the terminal.

> On Tuesday, 24 May 2016 18:02:53 UTC+5:30, venkat swaminathan wrote:
>>
>> Dear All
>>
>> Please bear my simple overview, Request some guidance in addressing issue
>>
>> In our Linux system, we are trying to incorporate intrusion detection and
>> file integrity monitoring alerts. For this OSSEC seems to be best open
>> source option available in market.
>>
>> System Configuration:
>>
>> Ossec in server Mode : Debian 8 (Jessie)
>> Binary : Used ./install.sh from source
>> (https://bintray.com/artifact/download/ossec/ossec-hids/ossec-hids-2.8.3.tar.gz)
>> with server option.
>>
>> The compilation was successful :
>> root@debian:/opt/ossecData#
>>
>> /opt/venkat/ossecData/bin/ossec-control status
>> ossec-monitord is running...
>> ossec-logcollector is running...
>> ossec-remoted is running...
>> ossec-syscheckd is running...
>> ossec-analysisd is running...
>> ossec-maild is running...
>> ossec-execd is running...
>>
>> System is running fine.
>>
>> However, tried the same in CLIENT machine ()
>>
>> Ossec in server Mode : Debian 6 (Squeeze)
>> Binary : Used ./install.sh from source
>> (https://bintray.com/artifact/download/ossec/ossec-hids/ossec-hids-2.8.3.tar.gz)
>> with agent option.
>>
>> Installation completed successfully,
>>
>> When I tried to start ossec agent :
>>
>> root@vir-deb:/opt/ossecData# /opt/ossecData/bin/ossec-control start
>> Starting OSSEC HIDS v2.8.3 (by Trend Micro Inc.)...
>> Deleting PID file '/opt/ossecData/var/run/ossec-logcollector-5760.pid' not used...
>> Deleting PID file '/opt/ossecData/var/run/ossec-agentd-5756.pid' not used...
>> ossec-execd already running...
>> 2016/05/24 15:25:16 ossec-agentd: INFO: Using notify time: 600 and max time to reconnect: 1800
>> Started ossec-agentd...
>> Started ossec-logcollector...
>> 2016/05/24 15:25:19 ossec-syscheckd(1210): ERROR: Queue '/opt/ossecData/queue/ossec/queue' not accessible: 'Connection refused'.
>> 2016/05/24 15:25:19 ossec-rootcheck(1210): ERROR: Queue '/opt/ossecData/queue/ossec/queue' not accessible: 'Connection refused'.
>> 2016/05/24 15:25:27 ossec-syscheckd(1210): ERROR: Queue '/opt/ossecData/queue/ossec/queue' not accessible: 'Connection refused'.
>> 2016/05/24 15:25:27 ossec-rootcheck(1210): ERROR: Queue '/opt/ossecData/queue/ossec/queue' not accessible: 'Connection refused'.
>> 2016/05/24 15:25:40 ossec-syscheckd(1210): ERROR: Queue '/opt/ossecData/queue/ossec/queue' not accessible: 'Connection refused'.
>> 2016/05/24 15:25:40 ossec-rootcheck(1211): ERROR: Unable to access queue: '/opt/ossecData/queue/ossec/queue'. Giving up..
>>
>> I did search on this topic (
>> http://ossec-docs.readthedocs.io/en/latest/faq/unexpected.html#id50 ). But
>> nothing worked in my case.
>>
>> According to docs for this error code, they asked to look at the status
>> of ossec-analysisd. But in my case on my client machine, I am unable to
>> locate ossec-analysisd.
>>
>> -r-xr-x--- 1 root ossec 247218 May 24 14:39 agent-auth
>> -r-xr-x--- 1 root ossec 250505 May 24 14:39 manage_agents
>> -r-xr-x--- 1 root ossec 501580 May 24 14:39 ossec-agentd
>> -r-xr-x--- 1 root ossec 4834 Oct 13 2015 ossec-control
>> -r-xr-x--- 1 root ossec 105035 May 24 14:38 ossec-execd
>> -r-xr-x--- 1 root ossec 384947 May 24 14:39 ossec-logcollector
>> -r-xr-x--- 1 root ossec 174370 May 18 17:38 ossec-lua
>> -r-xr-x--- 1 root ossec 117632 May 18 17:38 ossec-luac
>> -r-xr-x--- 1 root ossec 499976 May 24 14:39 ossec-syscheckd
>> -r-xr-x--- 1 root ossec 4360 Oct 13 2015 util.sh
>>
>> Am I missing something..
>>
>> Regards
>> Venkat.S
>
> --
>
> ---
> You received this message because you are subscribed to the Google Groups
> "ossec-list" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to [email protected].
> For more options, visit https://groups.google.com/d/optout.
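Added example, not part of the thread or of OSSEC: a small triage script for the "Queue ... not accessible: 'Connection refused'" error above, which separates a missing socket file from one that exists with no process bound to it, and checks whether any key was imported. It assumes the agent queue is a Unix datagram socket and that `etc/client.keys` holds one four-field line per agent; `probe_queue`, `key_count` and `triage` are names made up for this sketch.

```python
import os
import socket
import sys

# Assumptions (not from the thread): the queue is a Unix datagram socket, and
# client.keys holds one "id name ip key" line per agent under etc/.
QUEUE_REL = "queue/ossec/queue"
KEYS_REL = "etc/client.keys"


def probe_queue(path):
    """Classify the queue socket: listening, refused, missing, or error:<reason>."""
    sock = socket.socket(socket.AF_UNIX, socket.SOCK_DGRAM)
    try:
        sock.connect(path)
        return "listening"
    except FileNotFoundError:
        return "missing"            # no socket file at all
    except ConnectionRefusedError:
        return "refused"            # file exists, but no process is bound to it
    except OSError as exc:
        return "error:" + (exc.strerror or str(exc))
    finally:
        sock.close()


def key_count(path):
    """Count lines that look like agent key entries (four whitespace-separated fields)."""
    try:
        with open(path) as fh:
            return sum(1 for line in fh if len(line.split()) == 4)
    except OSError:
        return 0


def triage(home):
    """Map the two checks onto the two suggestions made in the reply."""
    state = probe_queue(os.path.join(home, QUEUE_REL))
    if state == "listening":
        return "ok: a process is bound to the queue socket"
    if key_count(os.path.join(home, KEYS_REL)) == 0:
        return "no agent key in etc/client.keys: import it with manage_agents"
    return "queue " + state + " with a key present: run ossec-agentd -df and read its errors"


if __name__ == "__main__":
    # /opt/ossecData is the install directory used in the thread.
    print(triage(sys.argv[1] if len(sys.argv) > 1 else "/opt/ossecData"))
```

Run it as root or as a member of the `ossec` group, since the install tree is not world-readable.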
