OSSEC: Cannot monitor Remote node with agentless

BOM_SAGAR · ‎09-18-2014

Hi Experts,

I cannot configure ossec with agentless.. can anybody please halp me how to achieve it.
I am using password less SSH for logging into remote node which is to be monitored fro OSSEC server.

southeringtonp · ‎04-09-2015

This isn't really the best site for your question -- most of the people here won't be able to offer much assistance since it's about OSSEC configuration and doesn't really have much to do with Splunk or with the Reporting and Management for OSSEC app specifically.

Your best bet would be to ask on the OSSEC Users mailing list.

BOM_SAGAR · ‎09-18-2014

We are using ossec HIDS 2.8 agentless configuration,

    <type>ssh_integrity_check_linux</type>
    <frequency>360</frequency>
    <host>root@10.128.54.103</host>
    <state>periodic</state>
    <arguments>/xyz_old</arguments>

    <type>ssh_integrity_check_linux</type>
    <frequency>360</frequency>
    <host>root@10.128.21.188</host>
    <state>periodic</state>
    <arguments>/var/ossectest/ossec.txt</arguments>

There are two agentless clients(AIX and Linux) we need to monitor but getting below errors in ossec.log,

2014/09/06 20:44:16 ossec-syscheckd: WARN: Error opening directory: '/xyz_old/xyz': No such file or directory
2014/09/06 20:44:16 ossec-syscheckd: WARN: Error opening directory: '/var/ossectest/ossec.txt': No such file or directory

OSSEC: Cannot monitor Remote node with agentless

Index This | I’m short for "configuration file.” What am I?

New Articles from Academic Learning Partners, Help Expand Lantern’s Use Case Library, ...

Your Guide to SPL2 at .conf24!