2. Add the client on the server side and generate its key
[root@log var]# /var/ossec/bin/manage_agents

****************************************
* OSSEC HIDS v2.8 Agent manager.       *
* The following options are available: *
****************************************
   (A)dd an agent (A).
   (E)xtract key for an agent (E).
   (L)ist already added agents (L).
   (R)emove an agent (R).
   (Q)uit.
Choose your action: A,E,L,R or Q: A

- Adding a new agent (use '\q' to return to the main menu).
  Please provide the following:
   * A name for the new agent: XL1-TRAN1    <- the client's hostname
   * The IP Address of the new agent: 10.10.10.111    <- the client's IP address
   * An ID for the new agent[005]:
Agent information:
   ID:005
   Name:XL1-TRAN1
   IP Address:10.10.10.111

Confirm adding it?(y/n): y
Agent added.

****************************************
* OSSEC HIDS v2.8 Agent manager.       *
* The following options are available: *
****************************************
   (A)dd an agent (A).
   (E)xtract key for an agent (E).
   (L)ist already added agents (L).
   (R)emove an agent (R).
   (Q)uit.
Choose your action: A,E,L,R or Q: E

Available agents:
   ID: 001, Name: XL1-SET1, IP: 10.10.10.109
   ID: 002, Name: XL1-DB1, IP: 10.10.10.107
   ID: 003, Name: XL1-DB2, IP: 10.10.10.108
   ID: 004, Name: XL1-SET2, IP: 10.10.10.220
   ID: 005, Name: XL1-TRAN1, IP: 10.10.10.111
Provide the ID of the agent to extract the key (or '\q' to quit): 005    <- the last one in the list

Agent key information for '005' is:
MDA1IFhMMS1UUkFOMSAxMC4xMC4xMC4xMTEgNDI3MWNkZGI3YjhkZDcxNGFmZGJkNDRiMjUxYTJkNzA5Mjk2Zjk3ZWM2ZWNjMDRmODMzM2YwYzQxYzVlN2MwYQ==    <- copy the generated key

** Press ENTER to return to the main menu.

****************************************
* OSSEC HIDS v2.8 Agent manager.       *
* The following options are available: *
****************************************
   (A)dd an agent (A).
   (E)xtract key for an agent (E).
   (L)ist already added agents (L).
   (R)emove an agent (R).
   (Q)uit.
Choose your action: A,E,L,R or Q: Q

** You must restart OSSEC for your changes to take effect.

manage_agents: Exiting ..
[root@log var]#
3. Enter the key on the agent side
[root@XL1-TRAN1 ossec-hids-2.8.1]# /var/ossec/bin/manage_agents

****************************************
* OSSEC HIDS v2.8 Agent manager.       *
* The following options are available: *
****************************************
   (I)mport key from the server (I).
   (Q)uit.
Choose your action: I or Q: I

* Provide the Key generated by the server.
* The best approach is to cut and paste it.
*** OBS: Do not include spaces or new lines.

Paste it here (or '\q' to quit): MDA1IFhMMS1UUkFOMSAxMC4xMC4xMC4xMTEgNDI3MWNkZGI3YjhkZDcxNGFmZGJkNDRiMjUxYTJkNzA5Mjk2Zjk3ZWM2ZWNjMDRmODMzM2YwYzQxYzVlN2MwYQ==    <- paste the generated key

Agent information:
   ID:005
   Name:XL1-TRAN1
   IP Address:10.10.10.111

Confirm adding it?(y/n): y
Added.
** Press ENTER to return to the main menu.

****************************************
* OSSEC HIDS v2.8 Agent manager.       *
* The following options are available: *
****************************************
   (I)mport key from the server (I).
   (Q)uit.
Choose your action: I or Q: Q

** You must restart OSSEC for your changes to take effect.

manage_agents: Exiting ..
[root@XL1-TRAN1 ossec-hids-2.8.1]#
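
The key exported in step 2 is the base64 encoding of a single text line, "ID NAME IP SECRET", where the last field is the agent's shared secret. The following check is an added example, not part of the original post or of OSSEC: it decodes a key before import and confirms it belongs to the host it is about to be pasted into. The function names are hypothetical and the sample key is constructed with a dummy secret.

```python
import base64
import binascii
import re

FIELDS = ("id", "name", "ip", "secret")

def parse_agent_key(exported):
    """Decode an exported agent key into its fields; ValueError if malformed."""
    if re.search(r"\s", exported):
        # manage_agents: "Do not include spaces or new lines."
        raise ValueError("key contains whitespace (wrapped or padded while copying)")
    try:
        line = base64.b64decode(exported, validate=True).decode("ascii")
    except (binascii.Error, UnicodeDecodeError) as exc:
        raise ValueError(f"not a base64-encoded text line: {exc}") from None
    parts = line.split(" ")
    if len(parts) != len(FIELDS):
        raise ValueError(f"expected 4 space-separated fields, found {len(parts)}")
    return dict(zip(FIELDS, parts))

def verify_agent_key(exported, agent_id, name, ip):
    """Return a list of problems; an empty list means the key matches this host."""
    try:
        got = parse_agent_key(exported)
    except ValueError as exc:
        return [str(exc)]
    expected = {"id": agent_id, "name": name, "ip": ip}
    # The secret is deliberately never echoed: it is the agent's shared key.
    return [f"{field}: expected {want}, key says {got[field]}"
            for field, want in expected.items() if got[field] != want]

# Constructed sample: ID/name/IP from the session above, dummy secret of 64 zeros.
SAMPLE_KEY = base64.b64encode(
    ("005 XL1-TRAN1 10.10.10.111 " + "0" * 64).encode("ascii")).decode("ascii")

if __name__ == "__main__":
    # Matching host: no problems reported.
    print(verify_agent_key(SAMPLE_KEY, "005", "XL1-TRAN1", "10.10.10.111"))
    # Key pasted on the wrong host: the IP mismatch is reported.
    print(verify_agent_key(SAMPLE_KEY, "005", "XL1-TRAN1", "10.10.10.112"))
    # Key wrapped by a mail client or terminal: rejected before decoding.
    wrapped = SAMPLE_KEY[:40] + "\n" + SAMPLE_KEY[40:]
    print(verify_agent_key(wrapped, "005", "XL1-TRAN1", "10.10.10.111"))
```
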
live.bu@cardinfolink.com
1. Subject: OSSEC and log installation

1 ossec
tar -xzvf ossec-hids-2.8.1.tar.gz
cd ossec-hids-2.8.1
sh ./install.sh
After installation, run ps -ef | grep ossec to check the processes:
root     18813     1  0 09:56 ?        00:00:00 /var/ossec/bin/ossec-execd
ossec    18864     1  0 10:05 ?        00:00:00 /var/ossec/bin/ossec-agentd
root     18868     1  0 10:05 ?        00:00:00 /var/ossec/bin/ossec-logcollector
root     18872     1  0 10:05 ?        00:00:00 /var/ossec/bin/ossec-syscheckd
root     18881 17159  0 10:06 pts/1    00:00:00 grep ossec
If these processes are listed, the installation succeeded.
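- The system type is Redhat Linux.
- The init script was modified so that OSSEC HIDS starts automatically at boot.
- System configuration completed correctly.
- To start OSSEC HIDS: /var/ossec/bin/ossec-control start
- To stop OSSEC HIDS: /var/ossec/bin/ossec-control stop
- To view or modify the configuration, edit /var/ossec/etc/ossec.conf
- You must first add this agent on the server side so that the two can communicate. Once that is done, you can run the 'manage_agents' tool to import the authentication key generated by the server.

/var/ossec/bin/manage_agents

/etc/rc.local
/var/ossec/bin/ossec-control start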
2. Log installation
/etc/syslog.conf
# Save boot messages also to boot.log
local7.*                                                /var/log/boot.log
*.*                                                     @10.99.2.100
Reposted from: https://www.cnblogs.com/LilL/p/6244805.html