OSSEC: Cannot monitor Remote node with agentless

Nitin Bhawarkar

Sep 22, 2014, 11:14:44 PM
to ossec...@googlegroups.com
We are using OSSEC HIDS 2.8 with an agentless configuration:


        <type>ssh_integrity_check_linux</type>
        <frequency>360</frequency>
        <host>ro...@10.128.54.103</host>
        <state>periodic</state>
        <arguments>/xyz_old</arguments>

        <type>ssh_integrity_check_linux</type>
        <frequency>360</frequency>
        <host>ro...@10.128.21.188</host>
        <state>periodic</state>
        <arguments>/var/ossectest/ossec.txt</arguments>

There are two agentless clients (AIX and Linux) we need to monitor, but we are getting the errors below in ossec.log:

2014/09/06 20:44:16 ossec-syscheckd: WARN: Error opening directory: '/xyz_old/xyz': No such file or directory
2014/09/06 20:44:16 ossec-syscheckd: WARN: Error opening directory: '/var/ossectest/ossec.txt': No such file or directory

dan (ddp)

Sep 23, 2014, 5:11:53 AM
to ossec...@googlegroups.com

Do those files exist? Is the OS blocking access to those files?


Nitin Bhawarkar

Sep 25, 2014, 11:49:12 AM
to ossec...@googlegroups.com
Yes, these files exist on the remote server, and there is passwordless SSH configured to access those files. There is no OS-level blocking issue here.

dan (ddp)

Sep 25, 2014, 12:11:05 PM
to ossec...@googlegroups.com
Try running the scripts by hand to see if it offers any more information.

Nitin Bhawarkar

Sep 26, 2014, 12:28:12 AM
to ossec...@googlegroups.com
I have tried running those scripts manually, but to no use. Can you please send summarized steps to configure agentless? I will try it from scratch. Maybe I am making some mistake in the previous settings/configuration I did.

--
Thanks 'N' Regards,
Nitin R Bhawarkar

dan (ddp)

Sep 29, 2014, 9:16:05 AM
to ossec...@googlegroups.com
On Fri, Sep 26, 2014 at 12:02 AM, Nitin Bhawarkar
<nitinbh...@gmail.com> wrote:
> I have tried running those scripts manually, but to no use. Can you please
> send summarized steps to configure agentless? I will try it from scratch. Maybe I
> am making some mistake in the previous settings/configuration I did.
>

I don't use agentless, so I'd just be copy/pasting the documentation.
What errors are you getting when you run the commands manually?
Telling me they don't work without providing details isn't going to
help me help you.