1207 Error running ossec-reportd


Scott Closter

Nov 19, 2010, 6:50:43 PM
to ossec...@googlegroups.com

Hi there, I am manually trying to run the ossec-reportd process to have a look at some of the reporting available, and I am getting the following error:

ossec-reportd(1207): ERROR: Unable to switch to group: 'ossec'.

I’m running the following for my initial test:

cat /var/ossec/logs/alerts/alerts.log | /var/ossec/ossec-reportd -n "Failures summary" -f group authentication_failures

The OS I’m using is Ubuntu server 10.04 LTS.

Hopefully someone has come across this and fixed it, fingers crossed :)

Scott Closter

dan (ddp)

Nov 19, 2010, 7:24:04 PM
to ossec...@googlegroups.com
Are you running this as root?

The ossec group exists right?

Scott Closter

Nov 19, 2010, 7:31:34 PM
to ossec...@googlegroups.com
The ossec group does exist. I'm logged in as a standard user (scloster),
but using "sudo" to run the command. I've verified that my scloster
account is part of the ossec group. I also tried it using sudo -i in the
console then running the command and got the same result.

Scott Closter | CU Technical & Administrative Services Corp. | 250 627 3654

dan (ddp)

Nov 19, 2010, 8:04:43 PM
to ossec...@googlegroups.com
The only other instance of this I've seen was fixed with a re-compile/re-install.

Scott Closter

Nov 23, 2010, 5:44:46 PM
to ossec...@googlegroups.com

I'll give that a go this week and see how it works out. Fortunately I'm in the early stages of testing so it's not really a big deal.

Scott

Scott Closter

Nov 24, 2010, 5:43:19 PM
to ossec...@googlegroups.com
That worked like a charm. I renamed my existing /var/ossec folder, reran the install procedure and now I have no issues running ossec-reportd.

Scott Closter
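
The two questions asked earlier in the thread (is the process running as root, and does the ossec group exist) correspond to two distinct ways a group switch can fail. The C program below is an added example, not part of the thread and not OSSEC's own code, that tells them apart. It assumes the privilege drop is the standard getgrnam() followed by setgid(); the function and enum names are hypothetical.

```c
/* Added example: separates "group missing" from "not allowed to switch".
 * Assumption: privilege drop is getgrnam() + setgid(); names are hypothetical. */
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

enum switch_result { SWITCH_OK, GROUP_MISSING, NOT_PERMITTED, OTHER_FAILURE };

/* Try to make gid the process group and classify a failure by errno. */
enum switch_result switch_to_gid(gid_t gid)
{
    if (setgid(gid) == 0)
        return SWITCH_OK;
    /* EPERM: the caller is unprivileged and gid is not its real or saved
     * group. Supplementary membership in the group is not enough. */
    return errno == EPERM ? NOT_PERMITTED : OTHER_FAILURE;
}

/* Resolve a group name through NSS (/etc/group, LDAP, ...) and switch to it. */
enum switch_result switch_to_group(const char *name)
{
    struct group *gr = getgrnam(name);
    if (gr == NULL)
        return GROUP_MISSING;   /* no such entry visible to this process */
    return switch_to_gid(gr->gr_gid);
}

int main(int argc, char **argv)
{
    static const char *const text[] = {
        "switched group successfully",
        "group does not exist in the group database",
        "group exists but setgid() was refused (process lacks privilege)",
        "setgid() failed for another reason",
    };
    const char *name = argc > 1 ? argv[1] : "ossec";
    enum switch_result r = switch_to_group(name);

    printf("euid=%ld group='%s': %s\n", (long)geteuid(), name, text[r]);
    return r == SWITCH_OK ? 0 : 1;
}
```

Run it both as a normal user and under sudo: if it reports success as root while a daemon still cannot switch to the same group, the account database is fine and the installation itself is the next thing to check.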
