Hi, I'm glad to hear that. Here some useful links:
- Installation guide: https://documentation.wazuh.com/current/installation-guide/index.html - Authd guide: https://documentation.wazuh.com/current/user-manual/agents/registering-agents/register-agent-authd.html Regards. On Tuesday, May 23, 2017 at 9:51:13 AM UTC+2, Topper Bowers wrote: > > Thank you! This is a huge help. The upgrade to 2.0 locally was painless > *and* fixed my authd issues. Now to production. > > On Mon, May 22, 2017 at 7:19 PM, Jesus Linares <je...@wazuh.com > <javascript:>> wrote: > >> Hi, >> >> it is a known issue in that version (1.1.1). It is related with the >> algorithm that assigns an agent ID. This issue is fixed in Wazuh 2.0. >> >> Also, you can use the API to register agents remotely: 1.1.1 >> <https://documentation.wazuh.com/1.1/ossec_api.html> and 2.0 >> <https://documentation.wazuh.com/current/user-manual/api/index.html> API >> documentation. >> >> Regards. >> >> On Monday, May 22, 2017 at 6:56:10 PM UTC+2, Topper Bowers wrote: >>> >>> I deleted some of the lines starting with bang (!) but that didn't clear >>> up the problem. My client.keys is now smaller than 2048, but I still can't >>> add agents. I was able to duplicate this problem on a fresh install in >>> vagrant. Using the bin/manage_agents command I was able to add over 4k >>> clients (and clients.keys grew without problem). However, when I try to add >>> a new agent through authd... I get the same internal error problem. >>> >>> Results of commands: >>> >>> $ cat /var/ossec/etc/client.keys | wc -l >>> >>> 2032 >>> >>> $ cat /var/ossec/etc/client.keys | grep -P "^\d+\s*\!" -v | wc -l >>> >>> 209 >>> >>> $ cat /var/ossec/etc/client.keys | grep -P "^\d+\s*\!" | wc -l >>> >>> 1823 >>> >>> On Mon, May 22, 2017 at 6:28 PM, Jesus Linares <je...@wazuh.com> wrote: >>> >>>> Hi, >>>> >>>> as you mentioned, it seems that inactive agents are counting for the >>>> limit (2048 agents). Run the following commands in order to know the size >>>> of the *client.keys *file: >>>> >>>> - Total lines: cat /var/ossec/etc/client.keys | wc -l >>>> - Active agents: cat /var/ossec/etc/client.keys | grep -P >>>> "^\d+\s*\!" -v | wc -l >>>> - Inactive agents: cat /var/ossec/etc/client.keys | grep -P >>>> "^\d+\s*\!" | wc -l >>>> >>>> The solution could be clean the client.keys (lines with "!") after >>>> removing the agent. >>>> >>>> Regards. >>>> >>>> >>>> On Monday, May 22, 2017 at 11:05:38 AM UTC+2, Topper Bowers wrote: >>>>> >>>>> Hi, >>>>> >>>>> My client has a highly dynamic environment and we're using OSSEC >>>>> (wazuh 1.1.1 release, OSSEC v2.8). When a server spins up, it registers >>>>> itself as an agent to the servers authd and everything was going ok. >>>>> However, my client.keys file is now 2048 lines long and no new agents can >>>>> register. They get an "(internal error)" that we see in the >>>>> /var/ossec/logs/ossec.log >>>>> >>>>> We have a process in place to remove inactive agents using the >>>>> `/var/ossec/bin/manage_agents -r ${ossec_id}` command. And if you use >>>>> /var/ossec/bin/manage_agents -l only about 100 agents show up. >>>>> >>>>> I've seen this >>>>> https://groups.google.com/forum/#!topic/ossec-list/lgFDOlR6zNg and it >>>>> looks remarkably similar to what we're seeing. However, we don't actually >>>>> have thousands of active agents. It seems like inactive agents are >>>>> counting >>>>> against the limit. Since we have a really dynamic environment with >>>>> servers >>>>> going up and down all the time, increasing the limit seems like it's just >>>>> pushing out the inevitable. >>>>> >>>>> In summary... dynamic environment, can't add new agents, only 100 or >>>>> so active agents, 2048 lines in client.keys. No other error messages >>>>> besides "internal error" >>>>> >>>>> Any suggestions? >>>>> >>>>> Thanks! >>>>> >>>>> Topper >>>>> >>>> -- >>>> >>>> --- >>>> You received this message because you are subscribed to a topic in the >>>> Google Groups "ossec-list" group. >>>> To unsubscribe from this topic, visit >>>> https://groups.google.com/d/topic/ossec-list/k_MFr5aAjRU/unsubscribe. >>>> To unsubscribe from this group and all its topics, send an email to >>>> ossec-list+...@googlegroups.com. >>>> For more options, visit https://groups.google.com/d/optout. >>>> >>> >>> >>> >>> -- >>> >>> *Topper Bowers* >>> >>> *Engineering* >>> *Vitals* | 160 Chubb Ave, Suite 301, Lyndhurst, NJ 07071, USA >>> >>> M : 646.515.6630 >>> >>> http://www.vitals.com >>> >> -- >> >> --- >> You received this message because you are subscribed to a topic in the >> Google Groups "ossec-list" group. >> To unsubscribe from this topic, visit >> https://groups.google.com/d/topic/ossec-list/k_MFr5aAjRU/unsubscribe. >> To unsubscribe from this group and all its topics, send an email to >> ossec-list+...@googlegroups.com <javascript:>. >> For more options, visit https://groups.google.com/d/optout. >> > > > > -- > > *Topper Bowers* > > *Engineering* > *Vitals* | 160 Chubb Ave, Suite 301, Lyndhurst, NJ 07071, USA > > M : 646.515.6630 > > http://www.vitals.com > -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
