Hi DougNot 100%, but pretty sure if that if your environment is only 1 server with 1 install then there is no need to run the agent, as there is no agent. You simply run it on the server.
Thanks
dkoleary <mailto:dkole...@olearycomputers.com> August 23, 2012 9:26 AM Hi;My ossec environment, currently, consists of only one ossec server. That'll expand reasonably soon; however, at the moment, just got the one server. Since I only had the one server, when I started, I did not run the manage_agents command. After some changes to the ossec config file, I ran the "agent_control -r -a" to run an immediate syscheck and got the error:2012/08/23 11:01:00 agent_control(1210): ERROR: Queue '/queue/alerts/ar' not accessible: 'Connection refused'. 2012/08/23 11:01:00 agent_control(1301): ERROR: Unable to connect to active response quDo I have to add an agent for the server? I tried that; however, when I run the agent_control command above, while I'm not getting the error, I'm not getting the alerts that I should be after running an immediate syscheck.Thanks for any hints/tips/suggestions. Doug O'Leary
<<inline: compose-unknown-contact.jpg>>
