1745856 Members
4289 Online
108723 Solutions
New Discussion юеВ

Re: HIDS agent error.

 
Den Luzon
Occasional Advisor

HIDS agent error.

Hi,


I just installed an HP instrusion detection on my system running 11.00 64bit. but when i tried to bring up the idsagent im getting this error.


libcomm: thread_id=1: comm_init: gethostbyname failed for connect_host idsadmin
ids/9000: idsagent initialization failed. See /var/opt/ids/error.log for details. Exiting
libcomm: thread_id=1: queue_get (Read Queue): comm layer not initialized
libcomm: thread_id=1: queue_get (Write Queue): comm layer not initialized.

thanks,
den
11 REPLIES 11
Den Luzon
Occasional Advisor

Re: HIDS agent error.

typo error on the subject. it's HP IDS/9000
Jeff Schussele
Honored Contributor

Re: HIDS agent error.

HI Den,

Sounds to me like the IDS Agent system cannot resolve the name or IP of the IDS Server or Adminstration system.
Check your setup & manually try to resolve what you've defined as the IDS server or admin system.

Rgds,
Jeff
PERSEVERANCE -- Remember, whatever does not kill you only makes you stronger!
Kellogg Unix Team
Trusted Contributor

Re: HIDS agent error.

Hi Den,

Did you generate the certificate for the client from the server and installed it on the client? I believe even if your server and client is the same node, you need to do that.

I will be interested to know that as I am in the process of defining my schedules/groups/templates.

HTH
...Manjeet
work is fun ! (my manager is standing behind me!!)
Kellogg Unix Team
Trusted Contributor

Re: HIDS agent error.

And if you generated the certificate and installed it on the client, did you change the IP address of the server/client?

Does /var/opt/ids/error.log give you any relevant information? Is client/server able to resolve each other?

...Manjeet
work is fun ! (my manager is standing behind me!!)
Den Luzon
Occasional Advisor

Re: HIDS agent error.

Hi,

Jeff: I check my entry on my host file and on the dns all of them are defined the same as my IDS server.

Manjeet: The certificate a created successfully. The output of my error.log are libcomm: thread_id=1.

thanks,
Den
Kellogg Unix Team
Trusted Contributor

Re: HIDS agent error.

Hi Den,

Not very sure but from above error msg (first posting), it looks as if your client is trying to connect to IDS server name - idsadmin. Is this your IDS server name?

Also, did you run "IDS_genAdminKeys install" on the server 'after' distributing the certificate to the client? That step will invalidate the agent certificate. If you are just setting this up, I would suggest to redo the following as user "ids" -

1. run 'IDS_genAdminKeys install' on the server
2. run IDS_genAgentCerts for the client
3. move the certificate (client.tar.Z) from server to client's /var/opt/ids/tmp/ directory.
4. run IDS_importAgentKeys from the client -
IDS_importAgentKeys /var/opt/ids/tmp/client.tar.Z
5. run /sbin/init.d/idsagent start (as root)

Also, the document talks about some more steps for multihomed agent system. But lets see if the above solution works for you.

HTH
...Manjeet
work is fun ! (my manager is standing behind me!!)
Den Luzon
Occasional Advisor

Re: HIDS agent error.

hi manjeet,

I have done with those step and it goes successfull. to make it short i decided to remove the IDS/9000 from the client and the server. What i'm doing now is working on one server as IDS server and client. when i bring up the agent the error that i'm getting is :

idsagent: failed to open schedule path file /var/opt/ids/schedule for reading and writing

Also on the idsgui it says that there is no available agent. but when i run

ps -ef | grep idsagent

it's running.

thanks,
den

Kellogg Unix Team
Trusted Contributor

Re: HIDS agent error.

Hello again,

>idsagent: failed to open schedule path file /var/opt/ids/schedule for reading and writing

This is a first time message and is expected because till now, this client hasn't been given any schedule.

>Also on the idsgui it says that there is no available agent

This one had stumped me as well. But the solution was simple - bring up idsgui and add the client (as user ids and setting DISPLAY variable). Now highlight the client and click on 'Status' button on the far left. The client status will change to 'available'. Now its just a matter of selecting one of the pre-defined schedules (for testing) and clicking on 'Activate' button.

Let me know if it helps.
...Manjeet
work is fun ! (my manager is standing behind me!!)
Den Luzon
Occasional Advisor

Re: HIDS agent error.

manjeet,

it didn't work. any more idea.

thanks,
den