[ossec-list] Re: /etc/client.keys not found

[Forrest Aldrich <forrie@xxxxxxxxxx>]

I'm not sure I follow you here, as I did run the manage_agent command 
and the keys are indeed where they are supposed to be, per my other message.

/var/ossec/etc/client.keys:

-rw-r--r--  1 root  ossec     90 Sep  5 19:48 client.keys

001 machine192.168.1.1 thekeygoeshereblahblahblah

Somewhere in the configuration, the root path was truncated 
(/var/ossec)... I'm trying to figure out where.

Where do the logs get shipped to by default when logging via syslog ... 
as I've yet to see anything come in that route (but that could also be 
due to the client.keys issue above).

Anyone using syslog-ng here?  I'm considering it.

Thanks.


Daniel Cid wrote:
> Hi Forrest,
>
> You need to run the manage_agents tool to add the agents you want
> to connect to your server. The first message means that there is no
> agent allowed to connect. The second message means that you
> didn't allow any IP to send remote syslog messages to ossec, so
> it has no reason to run (nothing is allowed)...
>
> Hope it helps,
>
> --
> Daniel B. Cid
> dcid ( at ) ossec.net
>
> On 9/5/06, Forrest Aldrich <forrie@xxxxxxxxxx> wrote:
> >  Maybe I hit a small config bug here.  I installed 0.9.1-a which 
> > defaults
> > all under /var/ossec:
> >
> >
> > 2006/09/05 16:11:00 ossec-remoted(1402): Authentication key file
> > '/etc/client.keys' not found.
> >
> >  This was generated when one of my agent installs tried to 
> > authenticate, I
> > believe.
> >
> >  I also noticed this:
> >
> >
> > 2006/09/05 16:10:59 ossec-remoted(1501): No IP or network allowed in the
> > access list for syslog. No reason for running it. Exiting.
> >
> >  So it seems something got missed during the initial config... or did 
> > I miss
> > something.
> >
> >
> >  Thanks.