*agentless/register_host.sh:*
                               root@sg-misc-xx-xx-xxx-xx:/home/ops/gongkw# 
/var/ossec/agentless/register_host.sh list
                               *Available hosts: 
                               [email protected]



*root@sg-misc-xx-xx-xxx-xx:/var/ossec# ./agentless/ssh_pixconfig_diff 
[email protected] 'hardware' .         (running the script manually)*

INFO: Starting....
spawn ssh -oKexAlgorithms=+diffie-hellman-group1-sha1 [email protected]
***********************************WARNING**********************************

Unauthorized access to this router is unlawful and will be subject to civil
and criminal penalties. Use of this system is being logged and can be used 
in
any legal proceedings.

*****************************************************************************
Password: 
Cisco Nexus Operating System (NX-OS) Software
TAC support: http://www.cisco.com/tac
Copyright (C) 2002-2017, Cisco and/or its affiliates.
All rights reserved.
The copyrights to certain works contained in this software are
owned by other third parties and used and distributed under their own
licenses, such as open source.  This software is provided "as is," and 
unless
otherwise stated, there is no warranty, express or implied, including but 
not
limited to warranties of merchantability and fitness for a particular 
purpose.
Certain components of this software are licensed under
the GNU General Public License (GPL) version 2.0 or 
GNU General Public License (GPL) version 3.0  or the GNU
Lesser General Public License (LGPL) Version 2.1 or 
Lesser General Public License (LGPL) Version 2.0. 
A copy of each such license is available at
http://www.opensource.org/licenses/gpl-2.0.php and
http://opensource.org/licenses/gpl-3.0.html and
http://www.opensource.org/licenses/lgpl-2.1.php and
http://www.gnu.org/licenses/old-licenses/library.txt.
xx-xx-xxx-xxx-04#  ERROR: Timeout while running on host (too long to 
finish): [email protected] 


*agentless configuration:  (part of ossec configuration)*

    <!-- Frequency that rootcheck is executed - every 12 hours -->
    <frequency>43200</frequency>

    <rootkit_files>/var/ossec/etc/shared/rootkit_files.txt</rootkit_files>
    
<rootkit_trojans>/var/ossec/etc/shared/rootkit_trojans.txt</rootkit_trojans>

    <system_audit>/var/ossec/etc/shared/system_audit_rcl.txt</system_audit>
    <system_audit>/var/ossec/etc/shared/system_audit_ssh.txt</system_audit>
    
<system_audit>/var/ossec/etc/shared/cis_debian_linux_rcl.txt</system_audit>

    <skip_nfs>yes</skip_nfs>
  </rootcheck>

  <!-- OpenSCAP module: switched off here (disabled = yes), so the settings
       below are presumably not in effect until it is enabled - confirm -->
  <wodle name="open-scap">
    <disabled>yes</disabled>
    <timeout>1800</timeout>
    <interval>1d</interval>
    <scan-on-start>yes</scan-on-start>

    <!-- Policy content to evaluate and the profile selected from it -->
    <content type="xccdf" path="ssg-ubuntu-1604-ds.xml">
      <profile>xccdf_org.ssgproject.content_profile_common</profile>
    </content>
  </wodle>

    <!-- CISCO device monitoring -->
    <!-- Runs the agentless/ssh_pixconfig_diff expect script against the host
         below. The script reads the login and enable passwords for this exact
         host string from agentless/.passlist, so the entry registered with
         register_host.sh has to match the host value character for character. -->
    <agentless>
      <type>ssh_pixconfig_diff</type>
      <!-- Interval between runs; presumably in seconds like the rootcheck
           frequency above (7200 would be 2 hours) - confirm -->
      <frequency>7200</frequency>
      <host>[email protected]</host>
      <!-- periodic_diff: the output of each run is compared with the previous
           run and differences are reported -->
      <state>periodic_diff</state>
    </agentless>




*ssh_pixconfig_diff configuration:*


#!/usr/bin/env expect

# Agentless monitoring
#
# Copyright (C) 2009 Trend Micro Inc.
# All rights reserved.
#
# This program is a free software; you can redistribute it
# and/or modify it under the terms of the GNU General Public
# License (version 2) as published by the FSF - Free Software
# Foundation.


# Tell the caller that the script has started
send_user "\nINFO: Starting....\n"

# The target host is mandatory; extra commands are optional
if {$argc < 1} {
    send_user "ERROR: ssh_pixconfig_diff <hostname> <commands>\n"
    exit 1
}

# NOTE: all paths below are relative, so the script has to be started
# with /var/ossec as the working directory
set passlist "agentless/.passlist"
set hostname [lindex $argv 0]
set commands [lrange $argv 1 end]
# "x" marks "no password found yet"; it is checked after the password
# list has been read
set pass "x"
set addpass "x"
set timeout 20

set lastentry "queue/diff/$hostname-\>ssh_pixconfig_diff/last-entry"

# Probe invocation ("test" "test"): exit successfully without opening a
# connection (presumably used to check that expect is available - confirm)
if {$hostname eq "test" && $commands eq "test"} {
    exit 0
}

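# Read the password list
#
# Each decoded line has the form  host|password|enable-password.  The host
# part ends at the FIRST "|" and the enable password starts after the LAST
# "|", so the login password itself may contain "|" characters.
if {! [file isfile $passlist]} {
    send_user "ERROR: Password list not present (use \"register_host\" first).\n"
    exit 1;
}

# NOTE(security): the list is only base64-encoded, not encrypted.  Anyone who
# can read agentless/.passlist can recover the device passwords, so the file
# should be readable only by the account that runs this script.
if [catch {
    set in [open "|base64 -d $passlist"]
} loc_error] {
    # Report a missing or failing base64 as a normal ERROR line instead of
    # letting the script die with a Tcl stack trace
    send_user "ERROR: Unable to read password list: $loc_error.\n"
    exit 1;
}

while {[gets $in line] != -1} {
    set first_sep [string first "|" $line]
    set last_sep [string last "|" $line]

    # A usable entry needs two distinct separators
    if {$first_sep == -1 || $first_sep == $last_sep} {
        continue
    }

    set host_list [string range $line 0 [expr {$first_sep - 1}]]
    set pass_list [string range $line [expr {$first_sep + 1}] [expr {$last_sep - 1}]]
    set addpass_list [string range $line [expr {$last_sep + 1}] end]

    # The host must match the command-line argument exactly (user@host form)
    if {[string compare $host_list $hostname] == 0} {
        set pass "$pass_list"
        set addpass "$addpass_list"
        break
    }
}

# Closing a command pipeline raises a Tcl error when the child exited
# non-zero or wrote to stderr.  A decode failure leaves $pass at its "x"
# sentinel and is reported by the check below, so the error is not fatal here.
catch {close $in}

if {[string compare $pass "x"] == 0} {
    send_user "ERROR: Password for '$hostname' not found.\n"
    exit 1;
}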

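# SSH to the box and log in, then make sure we end up in privileged mode.
#
# NOTE(security): diffie-hellman-group1-sha1 is a legacy key exchange
# (1024-bit group, SHA-1) that current OpenSSH clients no longer offer by
# default.  The "+" only appends it to the client's default list, so a
# stronger algorithm is still chosen when the device supports one.  Keep this
# override limited to devices that cannot negotiate anything newer and remove
# it once the device firmware allows.
if [catch {
    spawn ssh -oKexAlgorithms=+diffie-hellman-group1-sha1 $hostname
} loc_error] {
    send_user "ERROR: Opening connection: $loc_error.\n"
    exit 1;
}

# Becomes 1 when the login lands directly on a "#" prompt.  The NX-OS session
# pasted above does exactly that: it never shows ">", which is why the
# original script stopped with "Timeout while running on host".
set privileged 0

expect {
    "WARNING: REMOTE HOST" {
        send_user "ERROR: RSA host key for '$hostname' has changed. Unable to access.\n"
        exit 1;
    }
    "*sure you want to continue connecting*" {
        # NOTE(security): this accepts an unknown host key without showing or
        # checking its fingerprint, so the first connection trusts whichever
        # host answered and the password is then sent to it.  Prefer loading
        # the device key into known_hosts for the account that runs this
        # script, after verifying it out of band.
        send "yes\r"
        # Keep waiting in this same expect so the password prompt is handled
        # by the single branch below, whatever its capitalisation.
        exp_continue
    }
    "ssh: connect to host*" {
        send_user "ERROR: Unable to connect to remote host: $hostname .\n"
        exit 1;
    }
    "no address associated with name" {
        send_user "ERROR: Unable to connect to remote host: $hostname .\n"
        exit 1;
    }
    "*Connection refused*" {
        send_user "ERROR: Unable to connect to remote host: $hostname .\n"
        exit 1;
    }
    "*Connection closed by remote host*" {
        send_user "ERROR: Unable to connect to remote host: $hostname .\n"
        exit 1;
    }
    -re {[Pp]assword:} {
        # Matches both "user@host's password:" and the bare "Password:"
        # prompt that the device in the pasted session prints.
        send "$pass\r"

        expect {
            "Permission denied" {
                send_user "ERROR: Incorrect password to remote host: $hostname .\n"
                exit 1;
            }
            timeout {
                send_user "ERROR: Timeout while running on host (too long to finish): $hostname .\n"
                exit 1;
            }
            "*>" {
                send_user "INFO: Starting.\n"
            }
            "*#" {
                # Already at a "#" prompt: no "enable" step is needed
                set privileged 1
                send_user "INFO: Starting.\n"
            }
        }
    }
    timeout {
        send_user "ERROR: Timeout while connecting to host: $hostname . \n"
        exit 1;
    }
}

# Go into enable mode, unless the login already ended at a "#" prompt.
# NOTE(review): on platforms where "#" does not imply full privileges the
# account's role decides what the later commands may show - confirm for the
# device type in use.
if {!$privileged} {
    send "enable\r"
    expect {
        "Password:" {
            send "$addpass\r"

            expect {
                "*asswor*" {
                    send_user "ERROR: Incorrect enable password to remote host: $hostname .\n"
                    exit 1;
                }
                "*rror in authenticatio*" {
                    send_user "ERROR: Incorrect enable password to remote host: $hostname .\n"
                    exit 1;
                }
                timeout {
                    send_user "ERROR: Timeout while going to enable mode on host: $hostname .\n"
                    exit 1;
                }
                "*#" {
                    send_user "\nok on enable pass\n"
                }
            }
        }
        timeout {
            send_user "ERROR: Timeout while running enable on host: $hostname .\n"
            exit 1;
        }
    }
}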

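# Send commands
#
# The comment and message lines in this section were re-joined: as pasted,
# the mail wrapping left "without paging" and "agentless device" on lines of
# their own, where Tcl would try to run them as commands and abort.
set timeout 60

# Begin storing all stdout
# NOTE(security): everything printed after the STORE marker, including the
# full running configuration, is what gets kept for diffing.  That output may
# contain password hashes, SNMP community strings or keys, so access to the
# queue/diff directory should be restricted accordingly.
send_user "\nSTORE: now\n"

# Set our terminal pager to 0 so all our command output on the ASA goes by without paging
send "no pager\r"

send "term pager 0\r"
expect "*#"

send "term len 0\r"
send "terminal pager 0\r"

# Exclude uptime from the output
send "show version | grep -v Configuration last| up\r"
expect "*#"

# Show our running configuration
send "show running-config\r"

# NOTE(review): "*#" looks like it matches a "#" anywhere in the buffered
# output, not only the prompt, so a "#" inside a banner or description could
# end this wait early - confirm against the device's output.
expect "*#"

# Send any additional commands sent from our OSSEC config for this agentless device
# NOTE(security): these are passed verbatim to the device's privileged CLI,
# so write access to the OSSEC configuration that supplies them amounts to
# command access on the device.
send "$commands\r"

expect {
    "*#" {
        send_user "\nINFO: Finished at #.\n"

        send "exit\r"

        exit 0;
    }
    timeout {
        send_user "ERROR: Timeout while running commands on host: $hostname .\n"
        exit 1;
    }
    eof {
        send_user "\nINFO: Finished at EOF.\n"
        exit 0;
    }
}

# Every branch above exits, so this is only a safety net
send_user "ERROR: Unable to finish properly.\n"
exit 1;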


For your information:
root@sg-misc-10-6x-xx-xx:/var/ossec/queue/diff# ls 
Agent  sg-misc-10-6x-xx-xx
There is no directory for the agentless switch (172.20.xx.xx) under queue/diff.





For switch information:
172.10.xx.xx .       N3K






On Tuesday, December 26, 2017 at 6:50:09 AM UTC+8, dan (ddpbsd) wrote:
>
> On Fri, Dec 22, 2017 at 4:55 AM,  <[email protected] <javascript:>> 
> wrote: 
> > When i check /var/ossec/queue/diff/, It seems like there is not 
> > [user@agent->script] directory. Could i know this  [user@agent->script] 
> > directory i created myself or automatically generated, and if it needs 
> me to 
> > generate, what exactly it is , how to i wrote [user@agent->script] 
> directory 
> > in right way. If it is just a format, what should i do? Thank u again 
> and 
> > merry Christmas 
> > 
>
> OSSEC should handle the directory creation. Can you provide your 
> agentless configuration? 
> Have you tried running the configured script manually? 
>
> > 
> > On Thursday, December 21, 2017 at 11:06:29 PM UTC+8, Bruce Westbrook 
> wrote: 
> >> 
> >> Assuming you have all of the other pieces for agentless monitoring 
> already 
> >> in place (e.g. you've registered the host/password, enabled agentless 
> >> monitoring) and installed 'expect' on the system, changes will be 
> tracked in 
> >> the /var/ossec/queue/diff/[user@agent->script] directory.  The 
> last-entry 
> >> file will contain the full configuration being checked against while 
> the 
> >> diff.[epoch] files contain changes found at those times. 
> >> 
> >> I've not monitored Cisco switches so I can't speak to whether they will 
> >> work as-is or require some additional modifications to work with those 
> >> devices.  But looks like Dan is offering to help with that. 
> >> 
> >> 
> >> On Thursday, December 21, 2017 at 12:24:57 AM UTC-5, 
> [email protected] 
> >> wrote: 
> >>> 
> >>> Hi westbrook, 
> >>> 
> >>> When i followed your script, there is something new shows ssh_pix 
> >>> monitors myswitch@IP starting, which shows in attached pictures. 
> >>> 
> >>> 
> >>> 
> >>> but i am checking log in alert.json and ossec.log, which one will show 
> >>> the monitoring result when i changed some configuration in my cicso 
> switch. 
> >>> 
> >>> 
> >>> Thank u for helping me . 
> >>> 
> >>> 
> >>> 
> >>> 
> >>> 
> >>> 
> >>> 
> >>> 
> >>> 
> >>> 
> >>> On Tuesday, December 19, 2017 at 11:28:15 PM UTC+8, Bruce Westbrook 
> >>> wrote: 
> >>>> 
> >>>> I came across this issue myself when configuring Cisco ASA firewalls 
> >>>> with OSSEC v2.8.3.  I found that both the ssh_pixconfig_diff  (PIX) 
> and 
> >>>> ssh_asa-fwsmconfig_diff (ASA)  scripts have some issues with them, 
> >>>> including: 
> >>>> 
> >>>> • Expect statement has the wrong case used for some responses (e.g. 
> >>>> Password instead of password); 
> >>>> • SSH is set specifically to use DES only 
> >>>> • Output from the SSH session will include extra newlines and 
> Connection 
> >>>> to [host] closed by remote host at times, triggering false positive 
> change 
> >>>> alerts. 
> >>>> 
> >>>> To address these issues I created a customized script.  I can provide 
> >>>> you the whole script, but specifically to address your issue you can 
> simply 
> >>>> try making one change in your own script.  In your ssh_pixconfig_diff 
> >>>> script, locate this line: 
> >>>> 
> >>>> spawn ssh -c des $hostname 
> >>>> 
> >>>> Remark that line out and use this one instead: 
> >>>> 
> >>>> spawn ssh -oKexAlgorithms=+diffie-hellman-group1-sha1 $hostname 
> >>>> 
> >>>> 
> >>>> 
> >>>> If you encounter some of the other issues, here's my entire revised 
> >>>> script that works for me - all the highlights are changes from the 
> original 
> >>>> script (based on the ASA script, not the PIX script): 
> >>>> 
> >>>> #!/usr/bin/env expect 
> >>>> 
> >>>> 
> >>>> 
> >>>> 
> >>>> 
> ###############################################################################
>  
>
> >>>> 
> >>>> # 
> >>>> 
> >>>> # PROGRAM:  ssh_asa-custom_diff 
> >>>> 
> >>>> # AUTHOR:   Bruce A. Westbrook 
> >>>> 
> >>>> # DATE:     2017-04-27 
> >>>> 
> >>>> # PURPOSE:  Check ASA for configuration changes 
> >>>> 
> >>>> # 
> >>>> 
> >>>> # DEPENDENCIES: 
> >>>> 
> >>>> #           expect 
> >>>> 
> >>>> # 
> >>>> 
> >>>> # REVISIONS: 
> >>>> 
> >>>> # 
> >>>> 
> >>>> #           2017-04-27 - v1.0 
> >>>> 
> >>>> #             - Initial release, forked from the OSSEC provided 
> >>>> 
> >>>> #               "ssh_asa-fwsmconfig_diff" script 
> >>>> 
> >>>> # 
> >>>> 
> >>>> 
> >>>> 
> ###############################################################################
>  
>
> >>>> 
> >>>> 
> >>>> 
> >>>> # Agentless monitoring 
> >>>> 
> >>>> # 
> >>>> 
> >>>> # Copyright (C) 2009 Trend Micro Inc. 
> >>>> 
> >>>> # All rights reserved. 
> >>>> 
> >>>> # 
> >>>> 
> >>>> # This program is a free software; you can redistribute it 
> >>>> 
> >>>> # and/or modify it under the terms of the GNU General Public 
> >>>> 
> >>>> # License (version 2) as published by the FSF - Free Software 
> >>>> 
> >>>> # Foundation. 
> >>>> 
> >>>> 
> >>>> 
> >>>> # Send log entry that we're starting to run 
> >>>> 
> >>>> send_user "\nINFO: Starting....\n" 
> >>>> 
> >>>> 
> >>>> 
> >>>> if {$argc < 1} { 
> >>>> 
> >>>>     send_user "ERROR: ssh_asa-custom_diff <hostname> <commands>\n"; 
> >>>> 
> >>>>     send_user "ERROR: Must be run from /var/ossec\n"; 
> >>>> 
> >>>>     exit 1; 
> >>>> 
> >>>> } 
> >>>> 
> >>>> 
> >>>> 
> >>>> 
> >>>> 
> >>>> # NOTE: this script must be called from within /var/ossec for it to 
> >>>> work. 
> >>>> 
> >>>> set passlist "agentless/.passlist" 
> >>>> 
> >>>> set hostname [lindex $argv 0] 
> >>>> 
> >>>> set commands [lrange $argv 1 end] 
> >>>> 
> >>>> set pass "x" 
> >>>> 
> >>>> set addpass "x" 
> >>>> 
> >>>> set timeout 20 
> >>>> 
> >>>> 
> >>>> 
> >>>> set lastentry "queue/diff/$hostname-\>ssh_asa-custom_diff/last-entry" 
> >>>> 
> >>>> 
> >>>> 
> >>>> if {[string compare $hostname "test"] == 0} { 
> >>>> 
> >>>>     if {[string compare $commands "test"] == 0} { 
> >>>> 
> >>>>         exit 0; 
> >>>> 
> >>>>     } 
> >>>> 
> >>>> } 
> >>>> 
> >>>> 
> >>>> 
> >>>> # Reading the password list. 
> >>>> 
> >>>> if [catch { 
> >>>> 
> >>>>     set in [open "$passlist" r] 
> >>>> 
> >>>> } loc_error] { 
> >>>> 
> >>>>     send_user "ERROR: Password list not present (use 
> \"register_host\" 
> >>>> first).\n" 
> >>>> 
> >>>>     exit 1; 
> >>>> 
> >>>> } 
> >>>> 
> >>>> 
> >>>> 
> >>>> while {[gets $in line] != -1} { 
> >>>> 
> >>>>         set me [string first "|" $line] 
> >>>> 
> >>>>         set me2 [string last "|" $line] 
> >>>> 
> >>>>         set length [string length $line] 
> >>>> 
> >>>> 
> >>>> 
> >>>>         if {$me == -1} { 
> >>>> 
> >>>>             continue; 
> >>>> 
> >>>>         } 
> >>>> 
> >>>>         if {$me2 == -1} { 
> >>>> 
> >>>>             continue; 
> >>>> 
> >>>>         } 
> >>>> 
> >>>>         if {$me == $me2} { 
> >>>> 
> >>>>             continue; 
> >>>> 
> >>>>         } 
> >>>> 
> >>>> 
> >>>> 
> >>>>         set me [expr $me-1] 
> >>>> 
> >>>>         set me2 [expr $me2-1] 
> >>>> 
> >>>> 
> >>>> 
> >>>>         set host_list [string range $line 0 $me] 
> >>>> 
> >>>>         set me [expr $me+2] 
> >>>> 
> >>>>         set pass_list [string range $line $me $me2] 
> >>>> 
> >>>>         set me2 [expr $me2+2] 
> >>>> 
> >>>>         set addpass_list [string range $line $me2 $length] 
> >>>> 
> >>>> 
> >>>> 
> >>>>         if {[string compare $host_list $hostname] == 0} { 
> >>>> 
> >>>>             set pass "$pass_list" 
> >>>> 
> >>>>             set addpass "$addpass_list" 
> >>>> 
> >>>>             break 
> >>>> 
> >>>>         } 
> >>>> 
> >>>> } 
> >>>> 
> >>>> close $in 
> >>>> 
> >>>> 
> >>>> 
> >>>> 
> >>>> 
> >>>> if {[string compare $pass "x"] == 0} { 
> >>>> 
> >>>>     send_user "ERROR: Password for '$hostname' not found.\n" 
> >>>> 
> >>>>     exit 1; 
> >>>> 
> >>>> } 
> >>>> 
> >>>> 
> >>>> 
> >>>> 
> >>>> 
> >>>> # SSHing to the box and passing the directories to check. 
> >>>> 
> >>>> # Fix for SSH issue with poor DES cipher and inability to connect. 
> >>>> 
> >>>> if [catch { 
> >>>> 
> >>>> #    spawn ssh -c des $hostname 
> >>>> 
> >>>>     spawn ssh -oKexAlgorithms=+diffie-hellman-group1-sha1 $hostname 
> >>>> 
> >>>> } loc_error] { 
> >>>> 
> >>>>     send_user "ERROR: Opening connection: $loc_error.\n" 
> >>>> 
> >>>>     exit 1; 
> >>>> 
> >>>> } 
> >>>> 
> >>>> 
> >>>> 
> >>>> expect { 
> >>>> 
> >>>>     "WARNING: REMOTE HOST" { 
> >>>> 
> >>>>         send_user "ERROR: RSA host key for '$hostname' has changed. 
> >>>> Unable to access.\n" 
> >>>> 
> >>>>         exit 1; 
> >>>> 
> >>>>     } 
> >>>> 
> >>>>     "*sure you want to continue connecting*" { 
> >>>> 
> >>>>         send "yes\r" 
> >>>> 
> >>>>         expect "* password:*" { 
> >>>> 
> >>>>             send "$pass\r" 
> >>>> 
> >>>> 
> >>>> 
> >>>>             expect { 
> >>>> 
> >>>>                 "Permission denied" { 
> >>>> 
> >>>>                     send_user "ERROR: Incorrect password to remote 
> host: 
> >>>> $hostname .\n" 
> >>>> 
> >>>>                     exit 1; 
> >>>> 
> >>>>                 } 
> >>>> 
> >>>>                 timeout { 
> >>>> 
> >>>>                     send_user "ERROR: Timeout while running on host 
> (too 
> >>>> long to finish): $hostname .\n" 
> >>>> 
> >>>>                     exit 1; 
> >>>> 
> >>>>                 } 
> >>>> 
> >>>>                 "*>" { 
> >>>> 
> >>>>                     send_user "\nINFO: Starting.\n" 
> >>>> 
> >>>>                 } 
> >>>> 
> >>>>             } 
> >>>> 
> >>>>         } 
> >>>> 
> >>>>     } 
> >>>> 
> >>>>     "ssh: connect to host*" { 
> >>>> 
> >>>>         send_user "ERROR: Unable to connect to remote host: $hostname 
> >>>> .\n" 
> >>>> 
> >>>>         exit 1; 
> >>>> 
> >>>>     } 
> >>>> 
> >>>>     "no address associated with name" { 
> >>>> 
> >>>>         send_user "ERROR: Unable to connect to remote host: $hostname 
> >>>> .\n" 
> >>>> 
> >>>>         exit 1; 
> >>>> 
> >>>>     } 
> >>>> 
> >>>>     "*Connection refused*" { 
> >>>> 
> >>>>         send_user "ERROR: Unable to connect to remote host: $hostname 
> >>>> .\n" 
> >>>> 
> >>>>         exit 1; 
> >>>> 
> >>>>     } 
> >>>> 
> >>>>     "*Connection closed by remote host*" { 
> >>>> 
> >>>>         send_user "ERROR: Unable to connect to remote host: $hostname 
> >>>> .\n" 
> >>>> 
> >>>>         exit 1; 
> >>>> 
> >>>>     } 
> >>>> 
> >>>>     "* password:*" { 
> >>>> 
> >>>>         send "$pass\r" 
> >>>> 
> >>>> 
> >>>> 
> >>>>         expect { 
> >>>> 
> >>>>             "Permission denied" { 
> >>>> 
> >>>>                 send_user "ERROR: Incorrect password to remote host: 
> >>>> $hostname .\n" 
> >>>> 
> >>>>                 exit 1; 
> >>>> 
> >>>>             } 
> >>>> 
> >>>>             timeout { 
> >>>> 
> >>>>                 send_user "ERROR: Timeout while running on host (too 
> >>>> long to finish): $hostname .\n" 
> >>>> 
> >>>>                 exit 1; 
> >>>> 
> >>>>             } 
> >>>> 
> >>>>             "*>" { 
> >>>> 
> >>>>                 send_user "INFO: Starting.\n" 
> >>>> 
> >>>>             } 
> >>>> 
> >>>>         } 
> >>>> 
> >>>>     } 
> >>>> 
> >>>>     timeout { 
> >>>> 
> >>>>         send_user "ERROR: Timeout while connecting to host: $hostname 
> . 
> >>>> \n" 
> >>>> 
> >>>>         exit 1; 
> >>>> 
> >>>>     } 
> >>>> 
> >>>> } 
> >>>> 
> >>>> 
> >>>> 
> >>>> # Going into enable mode. 
> >>>> 
> >>>> send "enable\r" 
> >>>> 
> >>>> expect { 
> >>>> 
> >>>>     "Password:" { 
> >>>> 
> >>>>         send "$addpass\r" 
> >>>> 
> >>>> 
> >>>> 
> >>>>         expect { 
> >>>> 
> >>>>             "*asswor*" { 
> >>>> 
> >>>>                 send_user "ERROR: Incorrect enable password to remote 
> >>>> host: $hostname .\n" 
> >>>> 
> >>>>                 exit 1; 
> >>>> 
> >>>>             } 
> >>>> 
> >>>>             "*rror in authenticatio*" { 
> >>>> 
> >>>>                 send_user "ERROR: Incorrect enable password to remote 
> >>>> host: $hostname .\n" 
> >>>> 
> >>>>                 exit 1; 
> >>>> 
> >>>>             } 
> >>>> 
> >>>>             timeout { 
> >>>> 
> >>>>                 send_user "ERROR: Timeout while going to enable mode 
> on 
> >>>> host: $hostname .\n" 
> >>>> 
> >>>>                 exit 1; 
> >>>> 
> >>>>             } 
> >>>> 
> >>>>             "*#" { 
> >>>> 
> >>>>                 send_user "\nok on enable pass\n" 
> >>>> 
> >>>>             } 
> >>>> 
> >>>>         } 
> >>>> 
> >>>>     } 
> >>>> 
> >>>>     timeout { 
> >>>> 
> >>>>         send_user "ERROR: Timeout while running enable on host: 
> >>>> $hostname .\n" 
> >>>> 
> >>>>         exit 1; 
> >>>> 
> >>>>     } 
> >>>> 
> >>>> } 
> >>>> 
> >>>> 
> >>>> 
> >>>> 
> >>>> 
> >>>> 
> >>>> 
> >>>> # Sending commands 
> >>>> 
> >>>> set timeout 60 
> >>>> 
> >>>> 
> >>>> 
> >>>> ########################################################### 
> >>>> 
> >>>> # FROM THIS POINT (THE send_user "\nSTORE: now\n" COMMAND) 
> >>>> 
> >>>> # UNTIL THE EXIT, ALL OUTPUT IS SAVED. 
> >>>> 
> >>>> ########################################################### 
> >>>> 
> >>>> # Begin storing all stdout 
> >>>> 
> >>>> send_user "\nSTORE: now\n" 
> >>>> 
> >>>> # Set our terminal pager to 0 so all our command output on the ASA 
> goes 
> >>>> by without paging 
> >>>> 
> >>>> send "term pager 0\r" 
> >>>> 
> >>>> expect "*#" 
> >>>> 
> >>>> # Show version info, but excluding uptime from the output since it 
> >>>> changes every time 
> >>>> 
> >>>> send "show version | grep -v Configuration last| up\r" 
> >>>> 
> >>>> expect "*#" 
> >>>> 
> >>>> # Show our running configuration 
> >>>> 
> >>>> send "show running-config\r" 
> >>>> 
> >>>> expect "*#" 
> >>>> 
> >>>> # Send any additional commands sent from our OSSEC config for this 
> >>>> agentless device 
> >>>> 
> >>>> send "$commands\r" 
> >>>> 
> >>>> 
> >>>> 
> ###################################################################################
>  
>
> >>>> 
> >>>> # BUGFIX - We'll stop storing data before we close our connection 
> >>>> because we keep 
> >>>> 
> >>>> #          getting alerts on changes due to some quirkiness with SSH 
> on 
> >>>> the ASA. 
> >>>> 
> >>>> #          It adds an additional "Connection to..closed by remote 
> host" 
> >>>> sometimes 
> >>>> 
> >>>> #          as well as an additional newline at times.  Added the 
> expect 
> >>>> "*#" to 
> >>>> 
> >>>> #          exit out rather than the EOF, thereby eliminating saving 
> the 
> >>>> extraneous 
> >>>> 
> >>>> #          output that sometimes occurs and gives a false positive 
> for 
> >>>> changes. 
> >>>> 
> >>>> 
> >>>> 
> ###################################################################################
>  
>
> >>>> 
> >>>> expect { 
> >>>> 
> >>>>    "*#" { 
> >>>> 
> >>>>          send_user "\nINFO: Finished at #.\n" 
> >>>> 
> >>>>          send "exit\r" 
> >>>> 
> >>>>          exit 0; 
> >>>> 
> >>>>     } 
> >>>> 
> >>>>     timeout { 
> >>>> 
> >>>>         send_user "ERROR: Timeout while running commands on host: 
> >>>> $hostname .\n" 
> >>>> 
> >>>>         exit 1; 
> >>>> 
> >>>>     } 
> >>>> 
> >>>>     eof { 
> >>>> 
> >>>>         send_user "\nINFO: Finished at EOF.\n" 
> >>>> 
> >>>>         exit 0; 
> >>>> 
> >>>>     } 
> >>>> 
> >>>> } 
> >>>> 
> >>>> 
> >>>> 
> >>>> send_user "ERROR: Unable to finish properly.\n" 
> >>>> 
> >>>> exit 1; 
> >>>> 
> >>>> 
> >>>> 
> >>>> On Monday, December 18, 2017 at 10:40:33 PM UTC-5, 
> [email protected] 
> >>>> wrote: 
> >>>>> 
> >>>>> 
> >>>>> hey guys, I really need u help right now . When i configure the 
> ossec 
> >>>>> agentless mode, i came cross this problem which is shows 
> >>>>> 
> >>>>> 
> >>>>> 
> >>>>> I really have no idea why this problem came out. And it definitely 
> >>>>> affect my configuration to monitor cisco switch. Thank u for helping 
> , 
> >>>>> sincerely 
> >>>>> 
> >>>>> 
>
