I looked at the logs on the ossec server and there are lots of these errors
but I dont think they are related:
017/01/17 14:46:08 ossec-dbd(5203): ERROR: Error executing query 'INSERT
INTO data(id, server_id, user, full_log) VALUES ('38672', '1', '(null)',
'ossec: Agent disconnected: `dvsc1lx1051-10.69.73.51`.') '. Error: 'Lost
connection to MySQL server during query'.
2017/01/17 14:46:08 ossec-dbd(5209): INFO: Closing connection to database.
2017/01/17 14:46:08 ossec-dbd(5210): INFO: Attempting to reconnect to
database.
2017/01/17 14:46:08 ossec-dbd: Connected to database 'ossec' at
'ppdc1lx0111'.
2017/01/17 14:46:08 ossec-dbd(5204): ERROR: Database error. Unable to run
query.
2017/01/17 14:48:08 ossec-dbd(5203): ERROR: Error executing query 'INSERT
INTO data(id, server_id, user, full_log) VALUES ('38675', '1', '(null)',
'ossec: Agent disconnected: `dvsc1lx0043-10.69.65.43`.') '. Error: 'Lost
connection to MySQL server during query'.
2017/01/17 14:48:08 ossec-dbd(5209): INFO: Closing connection to database.
2017/01/17 14:48:08 ossec-dbd(5210): INFO: Attempting to reconnect to
database.
2017/01/17 14:48:08 ossec-dbd: Connected to database 'ossec' at
'ppdc1lx0111'.
2017/01/17 14:48:08 ossec-dbd(5204): ERROR: Database error. Unable to run
query.
Sean
On Tue, Jan 17, 2017 at 2:24 PM, Tony Perez <t...@perezbox.com> wrote:
> Hey Sean
>
> What error are you referring to?
>
> I see: 2017/01/17 14:10:12 ossec-agentd: INFO: Using notify time: 600 and
> max time to reconnect: 1800 which is a notice, not an error I think...
>
> I'm curious, do you know why they are showing as disconnected? Have you
> checked ossec.log for errors on both the agent and server? What do the logs
> say?
>
> Tony
>
> On Tue, Jan 17, 2017 at 1:11 PM, Sean Roe <sean...@gmail.com> wrote:
>
>> Hi All,
>>
>> I am running ossec 2.8.3 in a test environment and have come across a
>> problem where I have agents listed as disconnected. I have tried setting
>> in the agent.conf the following stanza and pushing it out to the agents via
>> /var/ossec/etc/shared
>>
>> <agent_config>
>> <client>
>> <server-ip>10.14.10.17</server-ip>
>> <notify_time>45</notify_time>
>> <time-reconnect>60</time-reconnect>
>> </client>
>>
>> blah, blah, blah (rest of config)
>>
>> I thought by shortening the notify and time-reconnect variables I would
>> be able to keep the agents connected. When I do a restart of each of the
>> agents I get the following error:
>>
>> [root@dvsc1lx0020 ~]# /var/ossec/bin/ossec-control restart
>> Killing ossec-logcollector ..
>> Killing ossec-syscheckd ..
>> Killing ossec-agentd ..
>> Killing ossec-execd ..
>> OSSEC HIDS v2.8.3 Stopped
>> Starting OSSEC HIDS v2.8.3 (by Trend Micro Inc.)...
>> Started ossec-execd...
>> 2017/01/17 14:10:12 ossec-agentd: INFO: Using notify time: 600 and max
>> time to reconnect: 1800
>> Started ossec-agentd...
>> Started ossec-logcollector...
>>
>>
>> So am I missing something here?
>>
>> Thanks,
>> Sean
>>
>> --
>>
>> ---
>> You received this message because you are subscribed to the Google Groups
>> "ossec-list" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to ossec-list+unsubscr...@googlegroups.com.
>> For more options, visit https://groups.google.com/d/optout.
>>
>
> --
>
> ---
> You received this message because you are subscribed to the Google Groups
> "ossec-list" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ossec-list+unsubscr...@googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.
>
--
---
You received this message because you are subscribed to the Google Groups
"ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to ossec-list+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
