LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
Search this Thread
Old 12-29-2012, 12:12 AM   #1
newbie14
Member
 
Registered: Sep 2011
Posts: 414

Rep: Reputation: Disabled

I have just installed the ossec accordingly as the server when it asked for my email i put in my gmail and for the smtp I was not sure just put as localhost first. Then it run a number of commands accordingly finally it states this

Code:
In order to connect agent and server, you need to add each agent to the server.
   Run the 'manage_agents' to add or remove them:

   /var/ossec/bin/manage_agents
Another thing I did this /var/ossec/bin/ossec-control start
Starting OSSEC HIDS v2.6 (by Trend Micro Inc.)...
OSSEC analysisd: Testing rules failed. Configuration error. Exiting.
Started ossec-maild...
Started ossec-execd...
Started ossec-analysisd...
Started ossec-logcollector...
Started ossec-remoted...
Started ossec-syscheckd...
Started ossec-monitord...
Completed.

So what error is it telling me about the configuration?

I am new to ossec installation. I tried to installed it as manager and new I did this /var/ossec/bin/ossec-control start
Code:
Starting OSSEC HIDS v2.6 (by Trend Micro Inc.)...
OSSEC analysisd: Testing rules failed. Configuration error. Exiting.
Started ossec-maild...
Started ossec-execd...
Started ossec-analysisd...
Started ossec-logcollector...
Started ossec-remoted...
Started ossec-syscheckd...
Started ossec-monitord...
Completed.
Part of config file is as below.

Code:
<global>
    <email_notification>yes</email_notification>
    <email_to>*****@gmail.com</email_to>
    <smtp_server>localhost</smtp_server>
    <email_from>ossecm@localhost.localdomain</email_from>
  </global>
I managed to solve the issue by using this command ln s /var/ossec/bin/osseclogtest /var/ossec/ossec-logtest . What I need to verify is that should I set the agentless setting and how test if the ossec is working and able to send me emails? Thank you.

Last edited by unSpawn; 01-03-2013 at 03:03 PM. Reason: //Merged same topic threads
 
Old 01-02-2013, 09:36 AM   #2
Noway2
Senior Member
 
Registered: Jul 2007
Distribution: Ubuntu 10.10, Slackware 64-current
Posts: 2,124

Rep: Reputation: 776Reputation: 776Reputation: 776Reputation: 776Reputation: 776Reputation: 776Reputation: 776
Quote:
What I need to verify is that should I set the agentless setting and how test if the ossec is working and able to send me emails?
I am not entirely sure what you mean by agentless setting. Ossec can either be installed as a standalone system, which is the most common and typical installation, or a client-server. Unless you are running multiple servers that you want monitored and reported by one location, go with the integrated, stand alone, installation.

As far as emailing, you should have received an email saying "ossec server started" when your system was initialized. I noticed that you are sending your emails to @gmail.com which could be problematic. Unless you have taken steps to either make your system a regular mail server that gmail will accept under normal circumstances or are using an SMTP relay such as through your ISP, you face a very high likelihood that your mail will be rejected by gmail. I would suggest you start by letting ossec send mail to root or another local account and then see if you receive those, then work on getting gmail to accept your messages.
 
Old 01-02-2013, 10:03 AM   #3
newbie14
Member
 
Registered: Sep 2011
Posts: 414

Original Poster
Rep: Reputation: Disabled
Dear Noway2,
Ok lets go first with the installation type in the begining it ask me is it a manager I type as manager so what should I do in the very first step what type of installation and how to to setup the standalone installation? Where I could have gone wrong?

Regarding the email how should the setup be if I need to just send to local root? What changes should I do then? I will go with your suggestion get the root to receive the email first. Thank you.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
[SOLVED] Ossec error glennbtn Linux - Server 1 07-15-2012 08:07 AM
Regding OSSEC vamsi_k Linux - Software 0 05-04-2012 05:38 AM
ossec Issue glennbtn Linux - Software 2 07-29-2010 10:06 AM
Problems with installation on disc1 (confirmation dialog) NEED HELP!!! SRneXus Fedora 5 02-23-2007 04:51 AM
OSSEC report - is this OKAy? Old_Fogie Linux - Security 7 10-23-2006 07:03 AM


All times are GMT -5. The time now is 12:35 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration