On Wed, Jul 10, 2013 at 3:21 PM, David Blanton <[email protected]> wrote: > I've already tried using manage_agents. I did not remove all of them though. > I think I will opt for the rm -rf option. > > Oh, also, do you know that the permissions are suppose to be set for > .agent_info within the ossec/queue dir? For RHEL5 I have it as root::ossec, > however for Solaris 10 to work, I had to set it to root::root. Considering > that all agents are having this problem, I am not sure if this will do > anything though. >
That seems to be a common issue. I have no idea what the permissions are supposed to be these days. I was hoping one of the developers would look into it, but that hasn't happened yet. I may look into it sometime after 2.7.1 has been released. > > On Wednesday, July 10, 2013 2:24:28 PM UTC-4, dan (ddpbsd) wrote: >> >> On Wed, Jul 10, 2013 at 2:21 PM, David Blanton >> <[email protected]> wrote: >> > Is there a way to somehow 'start over' with the client key files? A >> > simple >> > rm -rf perhaps and then just make a new one, and then re-add agents? >> > >> >> Removing the agents with manage_agents is probably the best way, but >> you could rm it. I think there would be some other cleanup you'd have >> to do (particularly in the /var/ossec/queue directories). >> >> > >> > >> > On Wednesday, July 10, 2013 2:18:20 PM UTC-4, dan (ddpbsd) wrote: >> >> >> >> On Tue, Jul 9, 2013 at 3:35 PM, David Blanton >> >> <[email protected]> wrote: >> >> > Edit: This is actually appearing to be happening to all servers. A >> >> > srcip >> >> > search in the Web UI will only bring up agent started logs, netstat >> >> > change >> >> > logs, and that's about it. >> >> > >> >> > TLDR: Agentd is not appearing in ossec.log server side. >> >> > >> >> > more /opt/ossec/logs/ossec.log | grep agentd >> >> > >> >> > nothing... >> >> > >> >> >> >> That's not bad. The server is not generally an agent. >> >> >> >> Based on the errors (Error reading >> >> authentication key) you posted in the original message, I'd say >> >> something is wrong with the server's client.keys file. >> >> >> >> > -- >> >> > >> >> > --- >> >> > You received this message because you are subscribed to the Google >> >> > Groups >> >> > "ossec-list" group. >> >> > To unsubscribe from this group and stop receiving emails from it, >> >> > send >> >> > an >> >> > email to [email protected]. >> >> > For more options, visit https://groups.google.com/groups/opt_out. >> >> > >> >> > >> > >> > -- >> > >> > --- >> > You received this message because you are subscribed to the Google >> > Groups >> > "ossec-list" group. >> > To unsubscribe from this group and stop receiving emails from it, send >> > an >> > email to [email protected]. >> > For more options, visit https://groups.google.com/groups/opt_out. >> > >> > > > -- > > --- > You received this message because you are subscribed to the Google Groups > "ossec-list" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > For more options, visit https://groups.google.com/groups/opt_out. > > -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/groups/opt_out.
