Hi,
My client has a highly dynamic environment and we're using OSSEC (wazuh
1.1.1 release, OSSEC v2.8). When a server spins up, it registers itself as
an agent to the servers authd and everything was going ok. However, my
client.keys file is now 2048 lines long and no new agents can register.
They get an "(internal error)" that we see in the /var/ossec/logs/ossec.log
We have a process in place to remove inactive agents using the
`/var/ossec/bin/manage_agents -r ${ossec_id}` command. And if you use
/var/ossec/bin/manage_agents -l only about 100 agents show up.
I've seen
this https://groups.google.com/forum/#!topic/ossec-list/lgFDOlR6zNg and it
looks remarkably similar to what we're seeing. However, we don't actually
have thousands of active agents. It seems like inactive agents are counting
against the limit. Since we have a really dynamic environment with servers
going up and down all the time, increasing the limit seems like it's just
pushing out the inevitable.
In summary... dynamic environment, can't add new agents, only 100 or so
active agents, 2048 lines in client.keys. No other error messages besides
"internal error"
Any suggestions?
Thanks!
Topper
--
---
You received this message because you are subscribed to the Google Groups
"ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to ossec-list+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
