LinuxQuestions.org


sriramdas 01-16-2013 12:21 AM

How to connect an ossec agent installed on Virtualbox to host machine running on Cent
 
Hi Guys,


I am trying to install OSSEC IDS on my CentOS 6.3 machine.
I successfully installed it (OSSEC server on the host machine). I have an Ubuntu 10.04 installation running on my VirtualBox 4.2. I installed the OSSEC agent on the Ubuntu machine.

I have all the agents of OSSEC installed on my host machine (CentOS). I configured the agent and added the IP of the VBox machine to the agent. I restarted the OSSEC service, but the agent installed in VirtualBox is still not connecting to the server installed on the host (CentOS 6.3).

Can anyone please advise on this?

The output from the host machine (CentOS):
------------------------------------------
[root@localhost ossec-hids-2.7]# /var/ossec/bin/ossec-control restart
Killing ossec-monitord ..
Killing ossec-logcollector ..
Killing ossec-remoted ..
Killing ossec-syscheckd ..
Killing ossec-analysisd ..
Killing ossec-maild ..
Killing ossec-execd ..
OSSEC HIDS v2.7 Stopped
Starting OSSEC HIDS v2.7 (by Trend Micro Inc.)...
Started ossec-maild...
Started ossec-execd...
Started ossec-analysisd...
Started ossec-logcollector...
Started ossec-remoted...
Started ossec-syscheckd...
Started ossec-monitord...
Completed.
[root@localhost ossec-hids-2.7]# /var/ossec/bin/agent_control -l

OSSEC HIDS agent_control. List of available agents:
ID: 000, Name: localhost.localdomain (server), IP: 127.0.0.1, Active/Local
ID: 001, Name: sriramvbox, IP: 10.0.2.15, Never connected

List of agentless devices:

---------------------------------------------------------------

I am sure the IP of the VBox is correct.

I imported the key from the server to the agent (running on VBox), but I am getting the following errors.

------------------------------------------------------------------
root@sriramdas-desktop:/var/ossec/bin# /var/ossec/bin/manage_agents


****************************************
* OSSEC HIDS v2.7 Agent manager. *
* The following options are available: *
****************************************
(I)mport key from the server (I).
(Q)uit.
Choose your action: I or Q: I

* Provide the Key generated by the server.
* The best approach is to cut and paste it.
*** OBS: Do not include spaces or new lines.

Paste it here (or '\q' to quit): MDAxIHNyaXJhbXZib3ggMTAuMC4yLjE1IDRhYzIyMGMzMmQ0ZjgxZDMyYmEyOTgzMTcyMDlhMzc0YWEwNjE2ZTVhZWQ2NjQ4ZDBk NWY0OTcxMjU3OTVhYjk=

Agent information:
ID:001
Name:sriramvbox
IP Address:10.0.2.15

Confirm adding it?(y/n): y
Added.
** Press ENTER to return to the main menu.



****************************************
* OSSEC HIDS v2.7 Agent manager. *
* The following options are available: *
****************************************
(I)mport key from the server (I).
(Q)uit.
Choose your action: I or Q: Q

** You must restart OSSEC for your changes to take effect.

manage_agents: Exiting ..
root@sriramdas-desktop:/var/ossec/bin# /var/ossec/bin/ossec-control stop
ossec-logcollector not running ..
ossec-syscheckd not running ..
ossec-agentd not running ..
Killing ossec-execd ..
OSSEC HIDS v2.7 Stopped
root@sriramdas-desktop:/var/ossec/bin# /var/ossec/bin/ossec-control start
Starting OSSEC HIDS v2.7 (by Trend Micro Inc.)...
Started ossec-execd...
2013/01/16 10:47:17 ossec-config(1230): ERROR: Invalid element in the configuration: 'client'.
2013/01/16 10:47:17 ossec-config(1202): ERROR: Configuration error at '/var/ossec/etc/ossec.conf'. Exiting.
2013/01/16 10:47:17 ossec-agentd(1215): ERROR: No client configured. Exiting.
root@sriramdas-desktop:/var/ossec/bin#
----------------------------------------------------------

Can anyone please advise on what can be done next?

Thanks,
Sriram A Das

