I will try the process you suggest tomorrow. As for the rest: there are no duplicate IP's (all agents have been added with the "any" IP configuration) or ID's (all keys were deleted from the client.keys file (except 001) in order to prevent duplicates)(all rid's were deleted afterwards to make sure there weren't any issues there either, all done while the ossec services were stopped)). both files (client.keys and ossec.conf being pushed out) were examined in notepad, wordpad and notepad++ (multiple languanges) to verify there were no extra non-visible characters/line breaks/carriage returns present.
On Monday, October 13, 2014 7:43:26 PM UTC-5, Michael Starks wrote: > > On 10/13/2014 11:18 AM, David Masters wrote: > > The whole purpose of this exercise is to not have to go to each > > individual machine to input the key and configuration. We have over > > 3000 machines so that really is just not feasible. If the key & server > > is input manually when the software is installed it works fine. When > > the key file and config file are pushed out over the network (containing > > the exact same information that would have been input manually), it does > > not. This would be to the same machine, same configuration, no changes > > between manual input and pushed input. (except that it is not done > > manually). > > Rest assured, this is possible (albeit I have not tried a mass > deployment with 'any'). I have deployed 2.8 to about 150 Windows systems > via a psexec script, so I know it works. > > - Are there any duplicate IPs or agent IDs in client.keys on the manager? > -Is the line on both the manager and agent in this format: 004 hostname > any key > -Are there any issues with CR/LF or other non-printing characters due to > your script? > > You might want to try this: > 1. Install the agent manually > 2. Verify it works > 3. Copy the key file somewhere else > 4. Uninstall the agent > 5. Remove the rids from the manager and restart the manager > 6. Push via your deployment method to the agent > 7. If it doesn't work, then stop the agent service, delete the key file > and replace it with the one you know worked. > 8. Start OSSEC > > If it works, then you know the problem is with the agent keys file. If > it doesn't, then the issue is probably with the manager's key file. > > > -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
