chef - [chef] Re: Problem starting OSSEC agent using Chef ossec cookbook

Subscribers: 1946
Owners
Bryan McLellan
Joshua Timberman
Nathen Harvey
Seth Chisamore
Serdar Sutay

Subscribe
Unsubscribe
Info
Archive

Post

RSS
Shared documents

General discussion about Chef

[chef] Re: Problem starting OSSEC agent using Chef ossec cookbook

From: Clif Smith < >
To:
Subject: [chef] Re: Problem starting OSSEC agent using Chef ossec cookbook
Date: Wed, 14 Dec 2011 16:21:37 -0600

Thanks for the reply! I tried adding the code from the ticket for the client
but it appears to create another key which conflicts with the key the server
creates?
On Nov 23, 2011, at 1:19 PM, Joshua Timberman wrote:

> Hi Clif!
>
> On Nov 22, 2011, at 7:17 PM, Clif Smith wrote:
>
>> While I believe ossec::server worked like a charm for my server, I'm
>> seeing the following for clients when using ossec::client:
>>
>> 2011/11/23 01:49:22 ossec-execd: INFO: Started (pid: 21856).
>> 2011/11/23 01:49:22 ossec-agentd(1410): INFO: Reading authentication keys
>> file.
>> 2011/11/23 01:49:22 ossec-agentd(1750): ERROR: No remote connection
>> configured. Exiting.
>> 2011/11/23 01:49:25 ossec-syscheckd(1210): ERROR: Queue
>> '/var/ossec/queue/ossec/queue' not accessible: 'Connection refused'.
>> 2011/11/23 01:49:25 ossec-rootcheck(1210): ERROR: Queue
>> '/var/ossec/queue/ossec/queue' not accessible: 'Connection refused'.
>> 2011/11/23 01:49:31 ossec-logcollector(1210): ERROR: Queue
>> '/var/ossec/queue/ossec/queue' not accessible: 'Connection refused'.
>> 2011/11/23 01:49:31 ossec-logcollector(1211): ERROR: Unable to access
>> queue: '/var/ossec/queue/ossec/queue'. Giving up..
>> 2011/11/23 01:49:33 ossec-syscheckd(1210): ERROR: Queue
>> '/var/ossec/queue/ossec/queue' not accessible: 'Connection refused'.
>> 2011/11/23 01:49:33 ossec-rootcheck(1210): ERROR: Queue
>> '/var/ossec/queue/ossec/queue' not accessible: 'Connection refused'.
>> 2011/11/23 01:49:46 ossec-syscheckd(1210): ERROR: Queue
>> '/var/ossec/queue/ossec/queue' not accessible: 'Connection refused'.
>> 2011/11/23 01:49:46 ossec-rootcheck(1211): ERROR: Unable to access queue:
>> '/var/ossec/queue/ossec/queue'. Giving up..
>>
>> I verified the client can access the server as the server has the client's
>> key is in /var/ossec/etc/client.keys.
>>
>> Any ideas?
>
>
> It looks like ossec really wants the agents to exist in
> /var/ossec/etc/client.keys. Currently, only the server recipe is managing
> this, with the ossec-batch-manager.pl script. You'll need to rerun
> chef-client on the server after ossec is up on the clients, and restart the
> ossec daemons on the client(s). I don't know off-hand a great way to
> coordinate and handle this, yet.
>
> I created http://tickets.opscode.com/browse/COOK-846 for tracking this.
>
>
> --
> Opscode, Inc
> Joshua Timberman, Technical Program Manager
> IRC, Skype, Twitter, Github: jtimberman
>

[chef] Re: Problem starting OSSEC agent using Chef ossec cookbook, Clif Smith, 12/14/2011