[ossec-list] Re: /etc/client.keys not found

[Forrest Aldrich <forrie@xxxxxxxxxx>]

Where in the setup does it ask for a syslog IP to permit?  Other than 
giving it the IP of the client (which I did via manage_agents, and I 
imported the key to the agent).

I'm still debugging the setup - however, under what circumstances will 
OSSEC log to the server via syslog.  I may switch my systems to 
syslog-ng for better control; however, at the moment it's just stock 
syslogd (FreeBSD6.1).


Thanks.


Daniel Cid wrote:
> Hi Forrest,
>
> You need to run the manage_agents tool to add the agents you want
> to connect to your server. The first message means that there is no
> agent allowed to connect. The second message means that you
> didn't allow any IP to send remote syslog messages to ossec, so
> it has no reason to run (nothing is allowed)...
>
> Hope it helps,
>
> --
> Daniel B. Cid
> dcid ( at ) ossec.net
>
> On 9/5/06, Forrest Aldrich <forrie@xxxxxxxxxx> wrote:
> >  Maybe I hit a small config bug here.  I installed 0.9.1-a which 
> > defaults
> > all under /var/ossec:
> >
> >
> > 2006/09/05 16:11:00 ossec-remoted(1402): Authentication key file
> > '/etc/client.keys' not found.
> >
> >  This was generated when one of my agent installs tried to 
> > authenticate, I
> > believe.
> >
> >  I also noticed this:
> >
> >
> > 2006/09/05 16:10:59 ossec-remoted(1501): No IP or network allowed in the
> > access list for syslog. No reason for running it. Exiting.
> >
> >  So it seems something got missed during the initial config... or did 
> > I miss
> > something.
> >
> >
> >  Thanks.