Hi OlRoy,
Are you getting this message on the server or agent? It should only show
up in the agent if you forgot to configure it properly (give the
server ip address).
If it is showing in the server, something is wrong with your install
(agentd should not even be called).
Make sure that you have the "client" config in your agent:
http://www.ossec.net/en/manual.html#client_options
Hope it helps.
--
Daniel B. Cid
dcid ( at ) ossec.net
By default the server does everything that the agent does, so there is no
need to install both. If you want ossec in just one box, choose the
"local" install.
Hope it helps.
--
Daniel B. Cid
dcid ( at ) ossec.net
This weekend I've received 2 alerts from a busy server about hidden
ports, both high ports.
On that server I have Oracle XE, but it shows the ports in netstat.
We had checked absolutely everything and it doesn't look bad, so I must
assume that those were false positives...
Daniel, can you shed some light on this mystery?
Can you explain how the rootkit detector works? I mean, the internals;
I will give the source code a try, but human words can help :)
Thanks!
Cheers!
--
Nicolas Arias
Security Officer
+54 11 4109 1885
+54 9 11 5455 0055
nicola...@globant.com
From: OSSEC HIDS <os...@box.com
To: m...@box.com
Subject: OSSEC Notification - server1 - Alert level 10
Date: Tue, 20 Feb 2007 11:20:10 ART (08:20 ART)
OSSEC HIDS Notification.
2007 Feb 20 11:19:22
Received From: 192.168.0.xxx->/var/log/hosts/192.168.0.xxx/kern.log
Rule: 1002 fired (level 7) -> "Unknown problem somewhere in the system."
Portion of the log(s):
Feb 20 11:19:21 192.168.0.xxx kernel: ReiserFS: dm-1: warning: vs-13070:
reiserfs_read_locked_inode: i/o failure occurred trying to find stat
data of [977 91630 0x0 SD]
Just as a heads up, server1 is NOT 192.168.0.xxx
Cheers!