11-01-2002 05:52 PM
I just installed an HP instrusion detection on my system running 11.00 64bit. but when i tried to bring up the idsagent im getting this error.
libcomm: thread_id=1: comm_init: gethostbyname failed for connect_host idsadmin
ids/9000: idsagent initialization failed. See /var/opt/ids/error.log for details. Exiting
libcomm: thread_id=1: queue_get (Read Queue): comm layer not initialized
libcomm: thread_id=1: queue_get (Write Queue): comm layer not initialized.
11-01-2002 06:15 PM
Sounds to me like the IDS Agent system cannot resolve the name or IP of the IDS Server or Adminstration system.
Check your setup & manually try to resolve what you've defined as the IDS server or admin system.
11-01-2002 07:04 PM
Did you generate the certificate for the client from the server and installed it on the client? I believe even if your server and client is the same node, you need to do that.
I will be interested to know that as I am in the process of defining my schedules/groups/templates.
11-01-2002 07:12 PM
Does /var/opt/ids/error.log give you any relevant information? Is client/server able to resolve each other?
11-04-2002 11:59 AM
Jeff: I check my entry on my host file and on the dns all of them are defined the same as my IDS server.
Manjeet: The certificate a created successfully. The output of my error.log are libcomm: thread_id=1.
11-04-2002 12:41 PM
Not very sure but from above error msg (first posting), it looks as if your client is trying to connect to IDS server name - idsadmin. Is this your IDS server name?
Also, did you run "IDS_genAdminKeys install" on the server 'after' distributing the certificate to the client? That step will invalidate the agent certificate. If you are just setting this up, I would suggest to redo the following as user "ids" -
1. run 'IDS_genAdminKeys install' on the server
2. run IDS_genAgentCerts for the client
3. move the certificate (client.tar.Z) from server to client's /var/opt/ids/tmp/ directory.
4. run IDS_importAgentKeys from the client -
5. run /sbin/init.d/idsagent start (as root)
Also, the document talks about some more steps for multihomed agent system. But lets see if the above solution works for you.
11-04-2002 03:40 PM
I have done with those step and it goes successfull. to make it short i decided to remove the IDS/9000 from the client and the server. What i'm doing now is working on one server as IDS server and client. when i bring up the agent the error that i'm getting is :
idsagent: failed to open schedule path file /var/opt/ids/schedule for reading and writing
Also on the idsgui it says that there is no available agent. but when i run
ps -ef | grep idsagent
11-05-2002 07:34 AM
>idsagent: failed to open schedule path file /var/opt/ids/schedule for reading and writing
This is a first time message and is expected because till now, this client hasn't been given any schedule.
>Also on the idsgui it says that there is no available agent
This one had stumped me as well. But the solution was simple - bring up idsgui and add the client (as user ids and setting DISPLAY variable). Now highlight the client and click on 'Status' button on the far left. The client status will change to 'available'. Now its just a matter of selecting one of the pre-defined schedules (for testing) and clicking on 'Activate' button.
Let me know if it helps.
11-05-2002 03:35 PM
At this point, I will check if something is different on your server because the problem changed when you installed server and client on the same box. It may be patch issue. The server needs Java RTE 1.3.x but I am assuming that those prereqs are completed.
If you have a spare box, you may load it with hpux-11.11 and retry. Involving HP Support is another option.
01-09-2003 02:33 PM
Let me know if you are still having problems with IDS/9000.
The "can't open schedule file" error is expected if no schedule has yet been downloaded by the admin to the agent and you are starting the agent using the /sbin/init.d/idsagent startup script or if you are running /opt/ids/bin/idsagent with the -a option.
Assuming that you attempted to get the status of the agent using the admin GUI and it returns "Not available" even though an agent is running, there is a defect that has been fixed for this type of failure. The fix will be in the next minor release of HP-UX Host IDS (new name for IDS/9000) which is currently scheduled to be available sometime around late Spring.