subject:"\[ossec\-list\] Fresh install error from Agent"

Re: [ossec-list] Fresh install error from Agent

2020-01-09 Thread dan (ddp)

On Wed, Jan 8, 2020 at 4:29 PM agsossec  wrote:
>
> Hello,
> We am setting up a test OSSEC server and agent -- both on AWS Linux
> On both we
>
> ran, sudo wget https://www.atomicorp.com/installers/atomic && sudo chmod +x 
> atomic && sudo ./atomic
> saved a copy of the agent config -- /var/ossec/etc/ossec-agent.conf 
> /var/ossec/etc/ossec-agent.conf.orig
> edited the agent config
>
> removed the example line
> changed the server IP our our OSSEC server IP
> restarted the OSSEC services
>
> At first we received an error, saying that the system was failing upon not 
> finding the default server IP address -- which was only in the saved copy of 
> the Agent config file.
> When we deleted that file, and restarted the service, we now get the error...
>
> ossec-agentd(4105): ERROR: No valid server IP found.
> ossec-agentd(1215): ERROR: No client configured. Exiting.
>
> In the file = /var/ossec/etc/ossec-agent.conf
>
> 
>   
> 10.1.252.41
>   
>
> In the logs, we see...
>
> 2020/01/08 11:49:37 ossec-execd(1314): INFO: Shutdown received. Deleting 
> responses.
> 2020/01/08 11:49:37 ossec-execd(1225): INFO: SIGNAL [(15)-(Terminated)] 
> Received. Exit Cleaning...
> 2020/01/08 11:49:38 ossec-agentd(4105): ERROR: No valid server IP found.
> 2020/01/08 11:49:38 ossec-execd: INFO: Started (pid: 3326).
> 2020/01/08 11:49:38 ossec-agentd(1215): ERROR: No client configured. Exiting.
>
> What are doing wrong?
> Thank you!
>
>

I don't have an AWS instance to test against, so I tried the CentOS 7 package.
I couldn't reproduce the issue (but I did have to remove a default agent.conf?).

I even tried using the ossec_config snippet posted above, and couldn't
get the same error.

>
>
>
>
> --
>
> ---
> You received this message because you are subscribed to the Google Groups 
> "ossec-list" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to ossec-list+unsubscr...@googlegroups.com.
> To view this discussion on the web visit 
> https://groups.google.com/d/msgid/ossec-list/7dbb8b68-6c70-461b-a2b3-9a9ca901eb9c%40googlegroups.com.

-- 

--- 
You received this message because you are subscribed to the Google Groups 
"ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ossec-list+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ossec-list/CAMyQvMpk9HrBU_ag6qPHEwty%3DcujjPyovTD3wStxoRnhZRGOtQ%40mail.gmail.com.

Re: [ossec-list] Fresh install error from Agent

2020-01-08 Thread agsossec

We decided to try using Wazuh instead.
Case closed.


On Wednesday, January 8, 2020 at 5:03:37 PM UTC-5, agsossec wrote:
>
> From the Server, we had previously added the Agent...
>
> §* OSSEC HIDS v3.5.0 Agent manager. *
> §* The following options are available: *
> §
> §   (A)dd an agent (A).
> §   (E)xtract key for an agent (E).
> §   (L)ist already added agents (L).
> §   (R)emove an agent (R).
> §   (Q)uit.
> §Choose your action: A,E,L,R or Q: E
> §
> §Available agents: 
> §   ID: 001, Name: testadmin2, IP: 10.1.252.50
>
> Is that what you are referring to?
>
>
> On Wednesday, January 8, 2020 at 4:58:43 PM UTC-5, theruck242 wrote:
>>
>> you need to add the client on the server side with the appropriate command
>>
>> On 8 Jan 2020, at 22:29, agsossec  wrote:
>>
>> 
>> Hello,
>> We am setting up a test OSSEC server and agent -- both on AWS Linux
>> On both we
>>
>>- ran, sudo wget https://www.atomicorp.com/installers/atomic && sudo 
>>chmod +x atomic && sudo ./atomic
>>- saved a copy of the agent config -- /var/ossec/etc/ossec-agent.conf 
>>/var/ossec/etc/ossec-agent.conf.orig
>>- edited the agent config
>>   - removed the example line
>>   - changed the server IP our our OSSEC server IP
>>   - restarted the OSSEC services
>>
>> At first we received an error, saying that the system was failing upon 
>> not finding the default server IP address -- which was only in the saved 
>> copy of the Agent config file.
>> When we deleted that file, and restarted the service, we now get the 
>> error... 
>>
>> ossec-agentd(4105): ERROR: No valid server IP found.
>> ossec-agentd(1215): ERROR: No client configured. Exiting.
>>
>> In the file = /var/ossec/etc/ossec-agent.conf
>>  
>>
>> 
>>   
>> 10.1.252.41
>>   
>>
>> In the logs, we see...
>>
>> 2020/01/08 11:49:37 ossec-execd(1314): INFO: Shutdown received. Deleting 
>> responses.
>> 2020/01/08 11:49:37 ossec-execd(1225): INFO: SIGNAL [(15)-(Terminated)] 
>> Received. Exit Cleaning...
>> 2020/01/08 11:49:38 ossec-agentd(4105): ERROR: No valid server IP found.
>> 2020/01/08 11:49:38 ossec-execd: INFO: Started (pid: 3326).
>> 2020/01/08 11:49:38 ossec-agentd(1215): ERROR: No client configured. 
>> Exiting.
>>
>> What are doing wrong?
>> Thank you!
>>
>>
>>
>>  
>>
>>
>> -- 
>>
>> --- 
>> You received this message because you are subscribed to the Google Groups 
>> "ossec-list" group.
>> To unsubscribe from this group and stop receiving emails from it, send an 
>> email to ossec...@googlegroups.com.
>> To view this discussion on the web visit 
>> https://groups.google.com/d/msgid/ossec-list/7dbb8b68-6c70-461b-a2b3-9a9ca901eb9c%40googlegroups.com
>>  
>> 
>> .
>>
>>

-- 

--- 
You received this message because you are subscribed to the Google Groups 
"ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ossec-list+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ossec-list/1e8a07a5-33d8-49b5-90ca-2a18cdb0ca35%40googlegroups.com.

Re: [ossec-list] Fresh install error from Agent

2020-01-08 Thread agsossec

>From the Server, we had previously added the Agent...

§* OSSEC HIDS v3.5.0 Agent manager. *
§* The following options are available: *
§
§   (A)dd an agent (A).
§   (E)xtract key for an agent (E).
§   (L)ist already added agents (L).
§   (R)emove an agent (R).
§   (Q)uit.
§Choose your action: A,E,L,R or Q: E
§
§Available agents: 
§   ID: 001, Name: testadmin2, IP: 10.1.252.50

Is that what you are referring to?


On Wednesday, January 8, 2020 at 4:58:43 PM UTC-5, theruck242 wrote:
>
> you need to add the client on the server side with the appropriate command
>
> On 8 Jan 2020, at 22:29, agsossec > 
> wrote:
>
> 
> Hello,
> We am setting up a test OSSEC server and agent -- both on AWS Linux
> On both we
>
>- ran, sudo wget https://www.atomicorp.com/installers/atomic && sudo 
>chmod +x atomic && sudo ./atomic
>- saved a copy of the agent config -- /var/ossec/etc/ossec-agent.conf 
>/var/ossec/etc/ossec-agent.conf.orig
>- edited the agent config
>   - removed the example line
>   - changed the server IP our our OSSEC server IP
>   - restarted the OSSEC services
>
> At first we received an error, saying that the system was failing upon not 
> finding the default server IP address -- which was only in the saved copy 
> of the Agent config file.
> When we deleted that file, and restarted the service, we now get the 
> error... 
>
> ossec-agentd(4105): ERROR: No valid server IP found.
> ossec-agentd(1215): ERROR: No client configured. Exiting.
>
> In the file = /var/ossec/etc/ossec-agent.conf  
>
>
> 
>   
> 10.1.252.41
>   
>
> In the logs, we see...
>
> 2020/01/08 11:49:37 ossec-execd(1314): INFO: Shutdown received. Deleting 
> responses.
> 2020/01/08 11:49:37 ossec-execd(1225): INFO: SIGNAL [(15)-(Terminated)] 
> Received. Exit Cleaning...
> 2020/01/08 11:49:38 ossec-agentd(4105): ERROR: No valid server IP found.
> 2020/01/08 11:49:38 ossec-execd: INFO: Started (pid: 3326).
> 2020/01/08 11:49:38 ossec-agentd(1215): ERROR: No client configured. 
> Exiting.
>
> What are doing wrong?
> Thank you!
>
>
>
>  
>
>
> -- 
>
> --- 
> You received this message because you are subscribed to the Google Groups 
> "ossec-list" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to ossec...@googlegroups.com .
> To view this discussion on the web visit 
> https://groups.google.com/d/msgid/ossec-list/7dbb8b68-6c70-461b-a2b3-9a9ca901eb9c%40googlegroups.com
>  
> 
> .
>
>

-- 

--- 
You received this message because you are subscribed to the Google Groups 
"ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ossec-list+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ossec-list/3167464b-4c06-4f51-8b36-0280be6336de%40googlegroups.com.

Re: [ossec-list] Fresh install error from Agent

2020-01-08 Thread theruck242

you need to add the client on the server side with the appropriate command

> On 8 Jan 2020, at 22:29, agsossec  wrote:
> 
> 
> Hello,
> We am setting up a test OSSEC server and agent -- both on AWS Linux
> On both we
> ran, sudo wget https://www.atomicorp.com/installers/atomic && sudo chmod +x 
> atomic && sudo ./atomic
> saved a copy of the agent config -- /var/ossec/etc/ossec-agent.conf 
> /var/ossec/etc/ossec-agent.conf.orig
> edited the agent config
> removed the example line
> changed the server IP our our OSSEC server IP
> restarted the OSSEC services
> At first we received an error, saying that the system was failing upon not 
> finding the default server IP address -- which was only in the saved copy of 
> the Agent config file.
> When we deleted that file, and restarted the service, we now get the error... 
> 
> ossec-agentd(4105): ERROR: No valid server IP found.
> ossec-agentd(1215): ERROR: No client configured. Exiting.
> 
> In the file = /var/ossec/etc/ossec-agent.conf 
> 
> 
> 
>   
> 10.1.252.41
>   
> 
> In the logs, we see...
> 
> 2020/01/08 11:49:37 ossec-execd(1314): INFO: Shutdown received. Deleting 
> responses.
> 2020/01/08 11:49:37 ossec-execd(1225): INFO: SIGNAL [(15)-(Terminated)] 
> Received. Exit Cleaning...
> 2020/01/08 11:49:38 ossec-agentd(4105): ERROR: No valid server IP found.
> 2020/01/08 11:49:38 ossec-execd: INFO: Started (pid: 3326).
> 2020/01/08 11:49:38 ossec-agentd(1215): ERROR: No client configured. Exiting.
> 
> What are doing wrong?
> Thank you!
> 
> 
> 
>  
> 
> 
> -- 
> 
> --- 
> You received this message because you are subscribed to the Google Groups 
> "ossec-list" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to ossec-list+unsubscr...@googlegroups.com.
> To view this discussion on the web visit 
> https://groups.google.com/d/msgid/ossec-list/7dbb8b68-6c70-461b-a2b3-9a9ca901eb9c%40googlegroups.com.

-- 

--- 
You received this message because you are subscribed to the Google Groups 
"ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ossec-list+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ossec-list/11C851B0-297F-4599-894D-7AC6BD22F30F%40gmail.com.

[ossec-list] Fresh install error from Agent

2020-01-08 Thread agsossec

Hello,
We am setting up a test OSSEC server and agent -- both on AWS Linux
On both we

   - ran, sudo wget https://www.atomicorp.com/installers/atomic && sudo 
   chmod +x atomic && sudo ./atomic
   - saved a copy of the agent config -- /var/ossec/etc/ossec-agent.conf 
   /var/ossec/etc/ossec-agent.conf.orig
   - edited the agent config
  - removed the example line
  - changed the server IP our our OSSEC server IP
  - restarted the OSSEC services
   
At first we received an error, saying that the system was failing upon not 
finding the default server IP address -- which was only in the saved copy 
of the Agent config file.
When we deleted that file, and restarted the service, we now get the 
error... 

ossec-agentd(4105): ERROR: No valid server IP found.
ossec-agentd(1215): ERROR: No client configured. Exiting.

In the file = /var/ossec/etc/ossec-agent.conf  
   


  
10.1.252.41
  

In the logs, we see...

2020/01/08 11:49:37 ossec-execd(1314): INFO: Shutdown received. Deleting 
responses.
2020/01/08 11:49:37 ossec-execd(1225): INFO: SIGNAL [(15)-(Terminated)] 
Received. Exit Cleaning...
2020/01/08 11:49:38 ossec-agentd(4105): ERROR: No valid server IP found.
2020/01/08 11:49:38 ossec-execd: INFO: Started (pid: 3326).
2020/01/08 11:49:38 ossec-agentd(1215): ERROR: No client configured. 
Exiting.

What are doing wrong?
Thank you!



 


-- 

--- 
You received this message because you are subscribed to the Google Groups 
"ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ossec-list+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ossec-list/7dbb8b68-6c70-461b-a2b3-9a9ca901eb9c%40googlegroups.com.

Re: [ossec-list] Fresh install error from Agent

Re: [ossec-list] Fresh install error from Agent

Re: [ossec-list] Fresh install error from Agent

Re: [ossec-list] Fresh install error from Agent

[ossec-list] Fresh install error from Agent

5 matches

Site Navigation

Mail list logo

Footer information