Hi Jelle,

The ossec-hids-agent package should be the only one you need. Not sure why you are getting these errors.

The process to connect an agent to a server requires you to:

- Run /var/ossec/bin/manage_agents and import the key from the server.
- Edit /var/ossec/etc/ossec.conf and set the server-ip variable.
- Restart ossec-hids (service ossec restart)

Of course, prior to these steps, you would also need to add a new agent on the manager (your OSSIM system in this case). You can also use manage_agents for this (or do it from the GUI).

If you already did this and it doesn't work, let's try to figure out what the issue is. If possible, please let me know what Debian version you are using. Also, please double-check that the ossec-remoted process is running on the server.

The output of these commands would help:

ps aux | grep ossec (both for the agent and your ossim box, the manager)
dpkg -l | grep -i ossec
service ossec status
cat /etc/debian_version

Thank you,
Santiago.

On Sat, Aug 2, 2014 at 2:02 AM, Jelle B. <[email protected]> wrote:

> Hi all,
>
> I have this issue which seems to normally be server related, but I might be wrong.
>
> I am trying to set up a collection of Debian hosts to connect with an agent to my OSSIM appliance.
>
> Now with my first test host I run into a problem. As I will have to redistribute the software via puppet, I want to use the Debian repository, and as such I thought installing the ossec-hids-agent package would install all I would need except the client key, but then ...
>
> lab_webfarm [[email protected] etc]# service ossec start
> Starting OSSEC HIDS v2.8 (by Trend Micro Inc.)...
> Deleting PID file '/var/ossec/var/run/ossec-logcollector-20693.pid' not used...
> Deleting PID file '/var/ossec/var/run/ossec-agentd-20689.pid' not used...
> ossec-execd already running...
> 2014/08/02 10:59:55 ossec-agentd: INFO: Using notify time: 600 and max time to reconnect: 1800
> Started ossec-agentd...
> 2014/08/02 10:59:55 ossec-logcollector: DEBUG: Starting ...
> Started ossec-logcollector...
> 2014/08/02 10:59:55 ossec-syscheckd: DEBUG: Starting ...
> 2014/08/02 10:59:55 ossec-rootcheck: DEBUG: Starting ...
> 2014/08/02 10:59:55 ossec-rootcheck: Starting queue ...
> 2014/08/02 10:59:58 ossec-syscheckd(1210): ERROR: Queue '/var/ossec/queue/ossec/queue' not accessible: 'Connection refused'.
> 2014/08/02 10:59:58 ossec-rootcheck(1210): ERROR: Queue '/var/ossec/queue/ossec/queue' not accessible: 'Connection refused'.
> 2014/08/02 11:00:06 ossec-syscheckd(1210): ERROR: Queue '/var/ossec/queue/ossec/queue' not accessible: 'Connection refused'.
> 2014/08/02 11:00:06 ossec-rootcheck(1210): ERROR: Queue '/var/ossec/queue/ossec/queue' not accessible: 'Connection refused'.
> 2014/08/02 11:00:19 ossec-syscheckd(1210): ERROR: Queue '/var/ossec/queue/ossec/queue' not accessible: 'Connection refused'.
> 2014/08/02 11:00:19 ossec-rootcheck(1211): ERROR: Unable to access queue: '/var/ossec/queue/ossec/queue'. Giving up..
> ossec-syscheckd did not start
> lab_webfarm [[email protected] etc]# service ossec status
> ossec-logcollector: Process 20732 not used by ossec, removing ..
> ossec-logcollector not running...
> ossec-syscheckd not running...
> ossec-agentd: Process 20728 not used by ossec, removing ..
> ossec-agentd not running...
> ossec-execd is running...
> lab_webfarm [[email protected] etc]#
>
> I assume I am missing something. Do I need the ossec-hids package as well, and if so why is it not installed as a dependency to ossec-hids-agent ;-)
>
> Any help and pointers in the right direction would be helpful.
>
> Regards,
> J.
>
> --
>
> ---
> You received this message because you are subscribed to the Google Groups "ossec-list" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to [email protected].
> For more options, visit https://groups.google.com/d/optout.
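As an added example (not part of the original thread and not OSSEC project code), a pre-flight check for the two agent-side steps in the reply, suitable for running after a packaged or Puppet-driven install and before the service restart. It assumes the imported key is stored in etc/client.keys as "ID NAME IP KEY" lines; the function name ossec_agent_preflight is hypothetical.

```shell
#!/bin/sh
# Assumption: the key imported with manage_agents lands in etc/client.keys
# under the install directory, one "ID NAME IP KEY" entry per line.
# ossec_agent_preflight is a hypothetical helper name, not an OSSEC tool.

ossec_agent_preflight() {
    dir="${1:-/var/ossec}"
    problems=0
    keys="$dir/etc/client.keys"
    conf="$dir/etc/ossec.conf"

    # Step 1 of the reply: a key must have been imported.
    if [ ! -s "$keys" ]; then
        echo "MISSING: $keys is absent or empty (no key imported)"
        problems=$((problems + 1))
    elif ! awk 'NF == 4 && $1 ~ /^[0-9]+$/ { ok = 1 } END { exit !ok }' "$keys"; then
        echo "INVALID: $keys has no 'ID NAME IP KEY' entry"
        problems=$((problems + 1))
    fi

    # Step 2 of the reply: ossec.conf must carry a non-empty <server-ip>.
    if [ ! -r "$conf" ]; then
        echo "MISSING: $conf is not readable"
        problems=$((problems + 1))
    else
        server=$(sed -n 's:.*<server-ip>[[:space:]]*\([^<[:space:]]*\)[[:space:]]*</server-ip>.*:\1:p' "$conf" | head -n 1)
        if [ -z "$server" ]; then
            echo "MISSING: no <server-ip> value in $conf"
            problems=$((problems + 1))
        else
            echo "OK: agent will report to $server"
        fi
    fi

    # The key file holds the agent's shared secret; flag world-readable mode.
    if [ -e "$keys" ] && [ -n "$(find "$keys" -perm -004 2>/dev/null)" ]; then
        echo "WARN: $keys is world-readable"
        problems=$((problems + 1))
    fi

    # Exit status is the number of problems found (0 means ready to restart).
    return "$problems"
}
```

Call it as `ossec_agent_preflight /var/ossec` and restart the service only when it returns 0.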
