Yes it comes from an e-mail alert. I'll check out the client.keys Thanks, for the reply.
-----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of dan (ddp) Sent: Thursday, July 10, 2014 8:32 AM To: [email protected] Subject: Re: FW: [ossec-list] Production OSSEC Agents are not connected - false Error On Thu, Jul 10, 2014 at 8:23 AM, Farnsworth, Robert <[email protected]> wrote: > I guess more of false positive. > > > > This is the message that we get even though as stated we have removed > the agents from OSSEC through the manage_agents tool. This is showing > about 16 agents that have been removed and are not even on our network > anymore. It generally has about 16 host/IP addresses after the message > but for obvious security reasons I cannot add those. > > > > How to get rid of these messages/alerts: > > PLEASE NOTE: There are un-connected OSSEC Agents that should be connected. > >> Please investigate if this is an unplanned outage. > >> Re-boots of Windows and Solaris servers may temporarily cause entries >> on this list. > Stange. I've never seen this error in OSSEC. Does it arrive in an email alert? Is there is rule id associated with it? Try (after backing up the file) deleting the entries from the client.keys. I Think you'll have to shut down the OSSEC processes during this, but not positive. > > > -----Original Message----- > > > From: [email protected] [mailto:[email protected]] > On Behalf Of dan (ddp) > Sent: Wednesday, July 09, 2014 12:23 PM > To: [email protected] > Subject: Re: [ossec-list] Production OSSEC Agents are not connected - > false Error > > > > On Wed, Jul 9, 2014 at 10:34 AM, Farnsworth, Robert > <[email protected]> wrote: > >> Hi, we have an issue where we continue to get this unconnected error >> in OSSEC even though we have removed the agents from OSSEC through >> the manage_agents tool. This is showing about 16 agents that have >> been removed and are not even on our network anymore. > >> > >> How can I get rid of this message from reoccurring? > >> > > > > What error message? Where are you seeing it? > > > >> > >> PLEASE NOTE: There are un-connected OSSEC Agents that should be connected. > >> Please investigate if this is an unplanned outage. > >> Re-boots of Windows and Solaris servers may temporarily cause entries >> on this list. > >> > >> Thanks > >> > >> Robert > >> > >> > >> -- > >> > >> --- > >> You received this message because you are subscribed to the Google >> Groups "ossec-list" group. > >> To unsubscribe from this group and stop receiving emails from it, >> send an email to [email protected]. > >> For more options, visit https://groups.google.com/d/optout. > > > > -- > > > > --- > > You received this message because you are subscribed to the Google > Groups "ossec-list" group. > > To unsubscribe from this group and stop receiving emails from it, send > an email to [email protected]. > > For more options, visit https://groups.google.com/d/optout. > > -- > > --- > You received this message because you are subscribed to the Google > Groups "ossec-list" group. > To unsubscribe from this group and stop receiving emails from it, send > an email to [email protected]. > For more options, visit https://groups.google.com/d/optout. -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout. -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
