Windows OSSEC Agent 2.8.3 – cannot install on Windows server 2012 R2

[Andrei Duca]

Hi guys,

 

I downloaded the OSSEC agent 2.8.3 for Windows and when I run it nothing happens.

From cmd it asks for a path as parameter and when one is added I get the following errors:

 

C:\ossec-agent-win32-2.8.3.exe C:\Ossec

[SC] OpenService FAILED 1060:

 

The specified service does not exist as an installed service.

 

2015/11/10 00:43:12 setup-windows: INFO: System is Vista or newer (Microsoft Win

dows Server 2008 R2 Datacenter Edition (full) Service Pack 1 (Build 7601) - OSSE

C HIDS v2.8.3).

The system cannot find the file specified.

The system cannot find the file specified.

The system cannot find the file specified.

The system cannot find the file specified.

The system cannot find the file specified.

Are you sure (Y/N)?processed file: C:\Tools\Ossec\ossec.log

The system cannot find the file specified.

The system cannot find the file specified.

The system cannot find the file specified.

The system cannot find the file specified.

The system cannot find the file specified.

 

Is the compiled version for Windows broken or am I doing something wrong?

 

Thanks for your help.

Andrei

[dan (ddp)]

It installed fine on vista and win7. But I never tried a command line install.

>
> Thanks for your help.
>
> Andrei
>

> --
>
> ---
> You received this message because you are subscribed to the Google Groups "ossec-list" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+...@googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.

[SoulAuctioneer]

I get the feeling this never worked but that is just me. Also, I don't think you have to put in a path if doing a slient install or anything and it should just work.

[Konrad W]

Same issue here on Windows 7...package doesn't install...asking to specify the path and no go with the path either...

[Santiago Bassett]

Looks like the Windows agent file in ossec.net is corrupted. The file is only 207K, and Sha256 checksum doesn't match.

We have a pre-compiled Windows agent at http://ossec.wazuh.com/windows/

This one is 1.1MB and works fine for us.

I'll reach Vic so he can upload a new one to ossec.net 

Best regards,

Santiago.

--

[Jb Cheng]

I downloaded the 2.8.3 Windows agent from http://www.ossec.net/?page_id=19 today, ( https://bintray.com/artifact/download/ossec/ossec-hids/ossec-agent-win32-2.8.3.exe).

The EXE file size is 1,146 KB. The SHA256 check sum is: 

feb135286ed19382cc479b7f035be5296360291900faf01338accad59f910e4a  ossec-agent-win32-2.8.3.exe

I installed it on my Win 7 and Win Server 2012 R2 boxes, and both installations were successful. 

[Santiago Bassett]

Yes, I think is ok now. This was fixed by Dan a few days ago.

We can close this issue.

[Mellisa]

I have been experiencing the same issue withe agent failing after upgrading from 2.4.X to 2.8.3 the agent will not connect to the server.  I have the server running on Centos 7 and I have check my log and i see no error.  I will attempt this again in the coming week withe the newly implies agent and see if I have better luck.

If anyone have any ideas please feel free to make suggestion.

[Mellisa]

I am still having issues, I download the server and the agent yesterday and the agent is still unable to connect to the server.  Can someone direct me to the Gossec files that are not broken so i can get this working as it should.

Thanks

[dan (ddp)]

On Wed, Nov 18, 2015 at 7:18 AM, Mellisa <nofarq...@gmail.com> wrote:
> I am still having issues, I download the server and the agent yesterday and
> the agent is still unable to connect to the server. Can someone direct me
> to the Gossec files that are not broken so i can get this working as it
> should.
>

Not being able to connect to the server is different than not being
able to install the agent.

[dan (ddp)]

On Fri, Nov 13, 2015 at 10:36 PM, Mellisa <nofarq...@gmail.com> wrote:
> I have been experiencing the same issue withe agent failing after upgrading
> from 2.4.X to 2.8.3 the agent will not connect to the server. I have the
> server running on Centos 7 and I have check my log and i see no error. I
> will attempt this again in the coming week withe the newly implies agent and
> see if I have better luck.
>
> If anyone have any ideas please feel free to make suggestion.
>

Start the manager processes in debug mode:
`/var/ossec/bin/ossec-control enable debug &&
/var/ossec/bin/ossec-control restart`

Then restart the agent processes/service, and see if any log messages
applicable to the issue are created.

Are there any logs on the agents that might give us a clue as to what
the problem is?

[Jamaica Treasures]

Hi Don, I got the agent to connect finally, but nothing that I do or change on my server I don't get an alert for.  I see this error in the log on the agent:

ossec-agent: More than 600 seconds without server response...sending win32info

I don't see any error in the Server log.

You received this message because you are subscribed to a topic in the Google Groups "ossec-list" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/ossec-list/bTC6_6-Cqco/unsubscribe.
To unsubscribe from this group and all its topics, send an email to ossec-list+...@googlegroups.com.

For more options, visit https://groups.google.com/d/optout.

--

Best Regards,

Nicola Farquharson

IT Consultant

M: 1-519-630-9409

Skype: Nicolaja 

nofarq...@gmail.com

This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This message contains confidential information and is intended only for the individual named. If you are not the named addressee you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system. If you are not the intended recipient you are notified that disclosing, copying, distributing or taking any action in reliance on the contents of this information is strictly prohibited.

[Jamaica Treasures]

Hi Don, I finally got the agent to connect, but no activity carried out on this server is been reported by ossec. Can you please help!

Thanks

On 18 November 2015 at 07:44, dan (ddp) <ddp...@gmail.com> wrote:

You received this message because you are subscribed to a topic in the Google Groups "ossec-list" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/ossec-list/bTC6_6-Cqco/unsubscribe.
To unsubscribe from this group and all its topics, send an email to ossec-list+...@googlegroups.com.

For more options, visit https://groups.google.com/d/optout.

[Jamaica Treasures]

I got the agent connecting but on the agent I am getting this error:

Ossec-agent: More than 600 seconds without server response...sending win32info

Could this be the reason why activities carried out on the agent machine is not been reported by ossec?

Thanks

--

---
You received this message because you are subscribed to a topic in the Google Groups "ossec-list" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/ossec-list/bTC6_6-Cqco/unsubscribe.
To unsubscribe from this group and all its topics, send an email to ossec-list+...@googlegroups.com.

For more options, visit https://groups.google.com/d/optout.

--

[Mellisa]

Hi Don,

I got the agent connecting but on the agent I am getting this error:

Ossec-agent: More than 600 seconds without server response...sending win32info

Could this be the reason why activities carried out on the agent machine is not been reported by ossec?

Thanks

On Monday, November 9, 2015 at 10:06:40 AM UTC-5, Andrei Duca wrote:

[Nikhil Verma]

Hi Mellisa,

i am also getting same error , did you got any solution for this error.

Regards
Nikhil