awesome, thanks for sharing your experience with us Alexandre. I'm sure this could be beneficial to others as well!
Am Dienstag, 19. April 2016 21:13:00 UTC+2 schrieb Alexandre Laquerre: > > So the final result was as follows, the first step i exported the agent > list and updated the list ( i basically erased 1000 agents that were no > longer used (#***) and then saved it in csv format. Following that i used > the script managed_agents -f to reimport the whole agent list with new IDS. > It basically took a good hour. Once done i creatied a script that would > uninstall + install the Ossec Agent (2.8.3) and then attribute its key to > the installation which basically takes 5 seconds and then it is up and > running. > > So all is now good. > > Hopefully this can help anyone that has a similar issue as well. > > Cheers, > > > On Wednesday, April 13, 2016 at 11:23:28 AM UTC-4, Alexandre Laquerre > wrote: >> >> I have added my ossec.conf and agent.conf , Is it possible to have a >> look to see if there is something that is off ? ( i have removed the IP >> adress for the agentless section) >> >> Thank you, >> >> Alex >> >> On Wednesday, April 13, 2016 at 10:40:00 AM UTC-4, Kat wrote: >>> >>> You should disable RIDS: >>> >>> remoted.verify_msg_id=0 >>> >>> The errors should go away. The problem is, RIDS must be removed on both >>> agent and server, that may be causing issues. >>> >>> Kat >>> >>> On Tuesday, April 5, 2016 at 8:21:18 AM UTC-5, Alexandre LAQUERRE wrote: >>>> >>>> Hi, >>>> >>>> >>>> >>>> I have been using Ossec for quite a while and we decided to upgrade the >>>> version (2.7.1) to 2.8.3 and that was relatively successful except for the >>>> fact that it pulled a number on my Ossec.conf by creating indent problems >>>> and adding open brackets in the wrong area but anyway it works. My issue >>>> is >>>> that for the moment our client will not update the OSSEC agents and wish >>>> to >>>> keep the 2.7.1 , I have not seen any documentation that would indicate a >>>> compatibility issue however I noticed that no matter what I do , the >>>> agents >>>> will end up disconnecting. They will start out all active and then after >>>> 20 >>>> minutes or so they will all be disconnected except for a small minority. >>>> >>>> >>>> >>>> When I performed the install I have set the maximum number of agents to >>>> 4096 because the client has about … I would say close to 3000 agents, >>>> furthermore the installation did go well however I suspect that the >>>> agent.conf file in the shared folder got messed up due to this update >>>> being >>>> very significant. I have been working on this issue for at least three >>>> days >>>> and I am no longer certain where to look. >>>> >>>> >>>> >>>> I would like to specify that I have already tried to erase the RIDS >>>> while Ossec Is stop (server) and when I start it back up again the same >>>> issue occurs. Now I am hoping the solution will not be to erase the rids >>>> from the client as it would be a long process for our customer. >>>> >>>> >>>> >>>> Thank you, >>>> >>>> >>>> >>>> >>>> -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
