On Thu, Oct 6, 2016 at 10:50 AM, Yousif Johny <[email protected]> wrote: > Hi Dan, > > Thank you for the response. > > Interestingly, it just got fixed. I had to modify part of the monitoring > script as part of was calling main.exp with the wrong path. > > Now I'm left wondering. The log says test passed. > > How do I monitor this like the others with Agents? >
You should get alerts in a similar fashion to actual agents, but I don't use the linux agentless scripts so I don't know for sure. You might be able to find the data transferred in /var/ossec/queue somewhere. My ssh_generic_diff agentless output goes to /var/ossec/queue/diff. > I don't see an outcome on the Web-gui of OSSEC. > > Thank you. > > On Thursday, October 6, 2016 at 3:31:27 PM UTC+1, Yousif Johny wrote: >> >> Dear mates, >> >> I'd really appreciate your help with the issue I'm having, trying to get >> an Agentless monitoring working. >> >> I installed OSSEC in CentOS, and I'm trying to monitor a linux host using >> the ssh_integrity_check_linux script. >> >> I tested the script manually as follows: >> ./ssh_integrity_check_linux [email protected] /bin >> >> And it seems to work, as it printed the hashes of files under /bin, and at >> the end it said "Finished" >> >> I put the below in ossec.conf below <ossec_config> >> >> <agentless> >> <type>ssh_integrity_check_linux</type> >> <frequency>36000</frequency> >> <host>[email protected]</host> >> <state>periodic</state> >> <arguments>/bin</arguments> >> </agentless> >> >> >> When I restart OSSEC, I see the below in the ossec.log >> 2016/10/06 07:18:46 ossec-agentlessd: ERROR: Test failed for >> 'ssh_integrity_check_linux' (1). Ignoring. >> >> >> Any idea why this is happening? >> >> Thank you. > > -- > > --- > You received this message because you are subscribed to the Google Groups > "ossec-list" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > For more options, visit https://groups.google.com/d/optout. -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
