[ossec-list] Cannot get agent profiles working on windows

2013-02-18 Thread Андрей Шевченко
ossec.conf(agent):

<ossec_config>
  <client>
    <config-profile>test1</config-profile>
    <server-ip>1.1.1.1</server-ip>
  </client>

  <active-response>
    <disabled>no</disabled>
  </active-response>
</ossec_config>

agent.conf(server):

<agent_config name="test_PC">
  <syscheck>
    <directories check_all="yes">D:/</directories>
  </syscheck>
</agent_config>

<agent_config profile="test1">
  <syscheck>
    <directories check_all="yes">F:/</directories>
  </syscheck>
</agent_config>

<agent_config os="Windows">
  <syscheck>
    <directories check_all="yes">C:/</directories>
  </syscheck>
</agent_config>

ossec.log(agent):

2013/02/18 15:41:34 ossec-agent: INFO: Monitoring directory: 'D:/'.

2013/02/18 15:41:34 ossec-agent: INFO: Monitoring directory: 'C:/'


Disk F is not monitored.

The same config works perfectly for an agent under FreeBSD.

-- 

--- 
You received this message because you are subscribed to the Google Groups 
ossec-list group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ossec-list+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.




[ossec-list] Cannot get agent profile working on windows (2nd try)

2013-02-18 Thread Андрей Шевченко
ossec.conf(agent test_PC):

<ossec_config>
  <client>
    <config-profile>test1</config-profile>
    <server-ip>1.1.1.1</server-ip>
  </client>

  <active-response>
    <disabled>no</disabled>
  </active-response>
</ossec_config>

agent.conf(server):

<agent_config name="test_PC">
  <syscheck>
    <directories check_all="yes">D:/</directories>
  </syscheck>
</agent_config>

<agent_config profile="test1">
  <syscheck>
    <directories check_all="yes">F:/</directories>
  </syscheck>
</agent_config>

<agent_config os="Windows">
  <syscheck>
    <directories check_all="yes">C:/</directories>
  </syscheck>
</agent_config>


ossec.log(agent):

2013/02/18 15:41:34 ossec-agent: INFO: Monitoring directory: 'D:/'.

2013/02/18 15:41:34 ossec-agent: INFO: Monitoring directory: 'C:/'.


Disk F is not monitored.

The same configuration for an agent under FreeBSD works fine.





[ossec-list] ossec-csyslogd dies on status query

2013-02-18 Thread Uldis Biks
Hi everyone,

I'm trying to enable log forwarding from the ossec server to syslog by enabling
the client-syslog option from the ossec-control script. Running ossec-control
start shows that ossec-csyslogd is started, but after that, running ossec-control
status, ossec-csyslogd dies. When debug is enabled everything is working as
it should and syslog receives messages. Ossec server 2.7, OS RHEL5.9 i386,
selinux disabled.
Does anyone have any idea where the problem could be?

[root@~ bin]# ./ossec-control enable client-syslog
[root@~ bin]# ./ossec-control restart
Killing ossec-monitord ..
Killing ossec-logcollector ..
Killing ossec-remoted ..
Killing ossec-syscheckd ..
Killing ossec-analysisd ..
ossec-maild not running ..
ossec-execd not running ..
ossec-csyslogd not running ..
OSSEC HIDS v2.7 Stopped
Starting OSSEC HIDS v2.7 (by Trend Micro Inc.)...
Started ossec-csyslogd...
2013/02/18 14:14:25 ossec-maild: INFO: E-Mail notification disabled. Clean Exit.
Started ossec-maild...
Started ossec-execd...
Started ossec-analysisd...
Started ossec-logcollector...
Started ossec-remoted...
Started ossec-syscheckd...
Started ossec-monitord...
Completed.
[root@~ bin]# ./ossec-control status
ossec-monitord is running...
ossec-logcollector is running...
ossec-remoted is running...
ossec-syscheckd is running...
ossec-analysisd is running...
ossec-maild not running...
ossec-execd not running...
ossec-csyslogd: Process 6678 not used by ossec, removing ..
ossec-csyslogd not running...

ossec.log contains only one record about ossec-csyslogd, otherwise it's
clean.
2013/02/18 14:14:25 ossec-csyslogd: INFO: Started (pid: 6678).

[root@~ bin]# ./ossec-control enable debug
[root@~ bin]# ./ossec-control restart
Killing ossec-monitord ..
Killing ossec-logcollector ..
Killing ossec-remoted ..
Killing ossec-syscheckd ..
Killing ossec-analysisd ..
ossec-maild not running ..
ossec-execd not running ..
ossec-csyslogd not running ..
OSSEC HIDS v2.7 Stopped
Starting OSSEC HIDS v2.7 (by Trend Micro Inc.)...
2013/02/18 14:15:41 ossec-csyslogd: DEBUG: Starting ...
Started ossec-csyslogd...
2013/02/18 14:15:41 ossec-maild: DEBUG: Starting ...
2013/02/18 14:15:41 ossec-maild: INFO: E-Mail notification disabled. Clean Exit.
Started ossec-maild...
Started ossec-execd...
2013/02/18 14:15:41 ossec-analysisd: DEBUG: Starting ...
2013/02/18 14:15:41 ossec-analysisd: DEBUG: Found user/group ...
2013/02/18 14:15:41 ossec-analysisd: DEBUG: Active response initialized ...
2013/02/18 14:15:41 adding rule: .. [adding all rules]
2013/02/18 14:15:41