On Sun, Jan 8, 2012 at 11:18 PM, Jeff Jennings <[email protected]> wrote: > sure - I have multiple ip addresses on one server with different websites > running on each of the ip addresses. >
OSSEC (mostly) monitors logs. It doesn't care much about your IP addresses. You can configure 1 instance to look at the log files of each website. > -----Original Message----- From: dan (ddp) > Sent: Sunday, January 08, 2012 11:05 PM > To: [email protected] > Subject: Re: [ossec-list] multiple agents on a single server > > > On Sun, Jan 8, 2012 at 9:49 PM, Jeff Jennings > <[email protected]> wrote: >> >> I ran across these instructions on how to install multiple agents on a >> single server since I need to monitor multiple IP’s >> >> >> http://www.immutablesecurity.com/index.php/2010/10/22/2woo-day-6-running-multiple-instances-on-one-box/comment-page-1/#comment-1043 >> I posted my problem in the comment area on this guy’s page but I guess he >> did not like the question and deleted my comment. >> >> In any event – his page refers to the following: >> >> Now, go into the <remote> section of ossec.conf in each remote instance >> and >> configure the <local_ip> option to point to the correct IP. Make sure each >> instance points to a unique IP. >> >> I can’t find any section in the ossec-conf file on my agent servers to >> place >> what is referred to above. >> >> ANY IDEAS? >> > > I think the <remote> section is only available on the manager. > > I don't understand why you're installing multiple copies on a single > agent though, your explanation made no sense. Any chance you could > elaborate? > >> In addition his instructions go on to supply a startup script which fails >> as >> follows, but I think it’s failing because the additional instances on the >> agents are not bound to specific Ip addresses. >> >> Can anyone give me some help here> >> >> >> >> >> ossec-agentd not running... >> ossec-execd not running... >> [root@marine init.d]# ./ossec.sh start >> Starting OSSEC at /var/ossec6: 2012/01/08 17:44:33 ossec-syscheckd(1702): >> INFO: No directory provided for syscheck to monitor. > > ^^^^ > syscheck isn't configured? > >> /var/ossec6/bin/ossec-control: line 138: 8627 Segmentation fault > > > Not being configured shouldn't cause a segfault in syscheck. What > version are you using? > >> ${DIR}/bin/${i} >> [FAILED] >> Starting OSSEC at /var/ossec: [ OK ] >> Starting OSSEC at /var/ossec2: 2012/01/08 17:44:35 ossec-syscheckd(1702): >> INFO: No directory provided for syscheck to monitor. >> /var/ossec2/bin/ossec-control: line 138: 8691 Segmentation fault >> ${DIR}/bin/${i} >> [FAILED] >> Starting OSSEC at /var/ossec3: 2012/01/08 17:44:35 ossec-syscheckd(1702): >> INFO: No directory provided for syscheck to monitor. >> /var/ossec3/bin/ossec-control: line 138: 8720 Segmentation fault >> ${DIR}/bin/${i} >> [FAILED] >> Starting OSSEC at /var/ossec4: 2012/01/08 17:44:36 ossec-syscheckd(1702): >> INFO: No directory provided for syscheck to monitor. >> /var/ossec4/bin/ossec-control: line 138: 8749 Segmentation fault >> ${DIR}/bin/${i} >> [FAILED] >> Starting OSSEC at /var/ossec5: 2012/01/08 17:44:36 ossec-syscheckd(1702): >> INFO: No directory provided for syscheck to monitor. >> /var/ossec5/bin/ossec-control: line 138: 8778 Segmentation fault >> ${DIR}/bin/${i} >> [FAILED] >> Starting OSSEC at /var/ossec6: 2012/01/08 17:44:36 ossec-syscheckd(1702): >> INFO: No directory provided for syscheck to monitor. >> /var/ossec6/bin/ossec-control: line 138: 8813 Segmentation fault >> ${DIR}/bin/${i} >> [FAILED] >> [root@marine init.d]# > >
