Following the provided documentation, I'm having problems setting up a remote OSSEC server, step 6. When I run the ossec_agent_status.py script I get the following output...
I'm not really sure what to make of this. I read the docs for 3rdparty/pexpect-2.3 about this error and not really sure how to troubleshoot this. Splunk is 4.2.1, build 98164, OSSEC app is latest. Both the Splunk server and OSSEC server are CentOS 5.6. Here's the output of the "AGENT_CONTROL" command run manually from command line (hostnames altered and IPs removed):
Any help is greatly appreciated.
asked 26 May '11, 19:53
Looks like the script is barfing on the command line you have provided. Try using the following in your ossec_servers.conf:
answered 07 Jun '11, 12:16
I have the same error, but for a local server. Did adding the FQDN to the command line help the remote execution? Thanks,
answered 18 Aug '11, 05:19