On 10/12/2014 04:34 AM, David Masters wrote: > I have searched through the listings and the internet and cannot seem to > find a solution to this issue. > > We have approximately 3200 computers (Windows 7) that we are trying to > get configured with OSSEC. The agent is part of the image that we are > rolling out to the machines.
This could be the problem. It's likely that the rids are our of order and ossec sees this as a replay attack. Delete the rids on the agent as part of the installation process so that when it checks in, ossec will not send a higher rids count than the manager knows about. For systems that have already checked in, delete the rids on the manager in /queue. -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.