On Tuesday, April 12, 2016 at 9:53:20 AM UTC-4, Alexandre LAQUERRE wrote: > > Thank you very much for the information, > > > > I was able to convince our customer to deploy the new version update in > order to limit the downtime and well he is going to install 10 or 20 > machines in order to see if it works or not. > > > > > > Thank you, > > > > Alexandre Laquerre > > Analyste Sécurité > > > > > *From:* Kat [mailto:uncom...@gmail.com <javascript:>] > *Sent:* Tuesday, April 12, 2016 9:52 AM > *To:* ossec-list <ossec...@googlegroups.com <javascript:>> > *Cc:* Alexandre LAQUERRE <a.laq...@linkbynet.com <javascript:>> > *Subject:* Re: Ossec Agent 2.71 Keeps disconnecting from Ossec server > 2.8.3 > > > > I have seen this as well, and what I found seemed to be related to > encryption being used on 2.8.3 vs the 2.7 packages. As Santi suggested, > also removing the rids for the agents allows it to connect. I would, > however, strongly suggest keeping them within the same release, and it > avoids many of the problems observed. > > > > Kat > > On Tuesday, April 5, 2016 at 8:21:18 AM UTC-5, Alexandre LAQUERRE wrote: > > Hi, > > > > I have been using Ossec for quite a while and we decided to upgrade the > version (2.7.1) to 2.8.3 and that was relatively successful except for the > fact that it pulled a number on my Ossec.conf by creating indent problems > and adding open brackets in the wrong area but anyway it works. My issue is > that for the moment our client will not update the OSSEC agents and wish to > keep the 2.7.1 , I have not seen any documentation that would indicate a > compatibility issue however I noticed that no matter what I do , the agents > will end up disconnecting. They will start out all active and then after 20 > minutes or so they will all be disconnected except for a small minority. > > > > When I performed the install I have set the maximum number of agents to > 4096 because the client has about … I would say close to 3000 agents, > furthermore the installation did go well however I suspect that the > agent.conf file in the shared folder got messed up due to this update being > very significant. I have been working on this issue for at least three days > and I am no longer certain where to look. > > > > I would like to specify that I have already tried to erase the RIDS while > Ossec Is stop (server) and when I start it back up again the same issue > occurs. Now I am hoping the solution will not be to erase the rids from the > client as it would be a long process for our customer. > > > > Thank you, > > > > Alexandre Laquerre > > Analyste Sécurité > > > Hi so I have installed a few agents with the 2.8.3 and then i noticed a lot of duplicates so i stopped the server and then cleared the RIDS files however i now see this isseu in the server logs : ERROR: Invalid ID for the source ip:
I have installed so far 10 agents with version 2.8.3 however we have around 1500 agents. The duplicates are still there, is there another way because clearing the RIDS does not see to make any difference . Who decides who gets the RIDS ? is there an option to force the server to have control and thus decide that everyone accepts the RIDS that is given to the agent because it seems as is the agent has power over the server and I am not really understanding this. Any help would really be appreciated as I am stumped presently. Thank you -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
