Hi Ben. The first error is normal, or at less, predictable to happen: since an agent-less isn't an agent, it can't receive active-responses. Active responses are generated by the rule analyzer (analisisd), that doesn't distinguish between agents and agent-less, so the remote daemon, that sends the active-response commands, shows that error because it can't find the agent. But it isn't a critical error.
Regarding to the second problem, there is a hardcoded limit of 10 attempts at agentless/agentless.c: /* Main monitor loop */ /* (...) */ while(lessdc.entries[i]) { if(lessdc.entries[i]->error_flag >= 10) { if(lessdc.entries[i]->error_flag != 99) { merror("%s: ERROR: Too many failures for '%s'. Ignoring it.", ARGV0, lessdc.entries[i]->type); lessdc.entries[i]->error_flag = 99; } i++; sleep(i); continue; } The last 3 lines make that, after 10 attempts, the program continues and no longer tries to execute the command. Maybe, deleting them (i++; sleep(i); continue;) the program retries to execute the command. We're testing it at our development environment and we'll include the changes in our repository at Wazuh. Best regards. Victor. -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.