HIDS agent error. (24 Views)
Reply
Occasional Advisor
Den Luzon
Posts: 8
Registered: ‎01-26-1999
Message 1 of 12 (24 Views)

HIDS agent error.

Hi,


I just installed an HP instrusion detection on my system running 11.00 64bit. but when i tried to bring up the idsagent im getting this error.


libcomm: thread_id=1: comm_init: gethostbyname failed for connect_host idsadmin
ids/9000: idsagent initialization failed. See /var/opt/ids/error.log for details. Exiting
libcomm: thread_id=1: queue_get (Read Queue): comm layer not initialized
libcomm: thread_id=1: queue_get (Write Queue): comm layer not initialized.

thanks,
den
Please use plain text.
Occasional Advisor
Den Luzon
Posts: 8
Registered: ‎01-26-1999
Message 2 of 12 (24 Views)

Re: HIDS agent error.

typo error on the subject. it's HP IDS/9000
Please use plain text.
Honored Contributor
Jeff Schussele
Posts: 6,795
Registered: ‎02-18-2002
Message 3 of 12 (24 Views)

Re: HIDS agent error.

HI Den,

Sounds to me like the IDS Agent system cannot resolve the name or IP of the IDS Server or Adminstration system.
Check your setup & manually try to resolve what you've defined as the IDS server or admin system.

Rgds,
Jeff
PERSEVERANCE -- Remember, whatever does not kill you only makes you stronger!
Please use plain text.
Trusted Contributor
Kellogg Unix Team
Posts: 192
Registered: ‎10-09-1997
Message 4 of 12 (24 Views)

Re: HIDS agent error.

Hi Den,

Did you generate the certificate for the client from the server and installed it on the client? I believe even if your server and client is the same node, you need to do that.

I will be interested to know that as I am in the process of defining my schedules/groups/templates.

HTH
...Manjeet
work is fun ! (my manager is standing behind me!!)
Please use plain text.
Trusted Contributor
Kellogg Unix Team
Posts: 192
Registered: ‎10-09-1997
Message 5 of 12 (24 Views)

Re: HIDS agent error.

And if you generated the certificate and installed it on the client, did you change the IP address of the server/client?

Does /var/opt/ids/error.log give you any relevant information? Is client/server able to resolve each other?

...Manjeet
work is fun ! (my manager is standing behind me!!)
Please use plain text.
Occasional Advisor
Den Luzon
Posts: 8
Registered: ‎01-26-1999
Message 6 of 12 (24 Views)

Re: HIDS agent error.

Hi,

Jeff: I check my entry on my host file and on the dns all of them are defined the same as my IDS server.

Manjeet: The certificate a created successfully. The output of my error.log are libcomm: thread_id=1.

thanks,
Den
Please use plain text.
Trusted Contributor
Kellogg Unix Team
Posts: 192
Registered: ‎10-09-1997
Message 7 of 12 (24 Views)

Re: HIDS agent error.

Hi Den,

Not very sure but from above error msg (first posting), it looks as if your client is trying to connect to IDS server name - idsadmin. Is this your IDS server name?

Also, did you run "IDS_genAdminKeys install" on the server 'after' distributing the certificate to the client? That step will invalidate the agent certificate. If you are just setting this up, I would suggest to redo the following as user "ids" -

1. run 'IDS_genAdminKeys install' on the server
2. run IDS_genAgentCerts for the client
3. move the certificate (client.tar.Z) from server to client's /var/opt/ids/tmp/ directory.
4. run IDS_importAgentKeys from the client -
IDS_importAgentKeys /var/opt/ids/tmp/client.tar.Z
5. run /sbin/init.d/idsagent start (as root)

Also, the document talks about some more steps for multihomed agent system. But lets see if the above solution works for you.

HTH
...Manjeet
work is fun ! (my manager is standing behind me!!)
Please use plain text.
Occasional Advisor
Den Luzon
Posts: 8
Registered: ‎01-26-1999
Message 8 of 12 (24 Views)

Re: HIDS agent error.

hi manjeet,

I have done with those step and it goes successfull. to make it short i decided to remove the IDS/9000 from the client and the server. What i'm doing now is working on one server as IDS server and client. when i bring up the agent the error that i'm getting is :

idsagent: failed to open schedule path file /var/opt/ids/schedule for reading and writing

Also on the idsgui it says that there is no available agent. but when i run

ps -ef | grep idsagent

it's running.

thanks,
den

Please use plain text.
Trusted Contributor
Kellogg Unix Team
Posts: 192
Registered: ‎10-09-1997
Message 9 of 12 (24 Views)

Re: HIDS agent error.

Hello again,

>idsagent: failed to open schedule path file /var/opt/ids/schedule for reading and writing

This is a first time message and is expected because till now, this client hasn't been given any schedule.

>Also on the idsgui it says that there is no available agent

This one had stumped me as well. But the solution was simple - bring up idsgui and add the client (as user ids and setting DISPLAY variable). Now highlight the client and click on 'Status' button on the far left. The client status will change to 'available'. Now its just a matter of selecting one of the pre-defined schedules (for testing) and clicking on 'Activate' button.

Let me know if it helps.
...Manjeet
work is fun ! (my manager is standing behind me!!)
Please use plain text.
Occasional Advisor
Den Luzon
Posts: 8
Registered: ‎01-26-1999
Message 10 of 12 (24 Views)

Re: HIDS agent error.

manjeet,

it didn't work. any more idea.

thanks,
den
Please use plain text.
Trusted Contributor
Kellogg Unix Team
Posts: 192
Registered: ‎10-09-1997
Message 11 of 12 (24 Views)

Re: HIDS agent error.

Hi Den,

At this point, I will check if something is different on your server because the problem changed when you installed server and client on the same box. It may be patch issue. The server needs Java RTE 1.3.x but I am assuming that those prereqs are completed.

If you have a spare box, you may load it with hpux-11.11 and retry. Involving HP Support is another option.

Thanks
...Manjeet
work is fun ! (my manager is standing behind me!!)
Please use plain text.
Occasional Advisor
Pierre Pasturel_1
Posts: 9
Registered: ‎01-08-2003
Message 12 of 12 (24 Views)

Re: HIDS agent error.

Den -

Let me know if you are still having problems with IDS/9000.

The "can't open schedule file" error is expected if no schedule has yet been downloaded by the admin to the agent and you are starting the agent using the /sbin/init.d/idsagent startup script or if you are running /opt/ids/bin/idsagent with the -a option.

Assuming that you attempted to get the status of the agent using the admin GUI and it returns "Not available" even though an agent is running, there is a defect that has been fixed for this type of failure. The fix will be in the next minor release of HP-UX Host IDS (new name for IDS/9000) which is currently scheduled to be available sometime around late Spring.

Pierre


Please use plain text.
The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation