Hi all, I am starting to use OSSEC so I may be doing something wrong here.
I have OSSEC installed as a server in my Linux VM and the Agent in my Windows Server 2012 VM. My server has the default configuration plus this: <command> <name>ossec-slack</name> <executable>ossec-slack.sh</executable> <expect></expect> <!-- no expect args required --> <timeout_allowed>no</timeout_allowed> </command> <active-response> <disabled>no</disabled> <command>ossec-slack</command> <location>local</location> <level>3</level> </active-response> <remote> <connection>secure</connection> </remote> In my Server, using the agent_control I can see my agent is *active* [root@gateway1-proxy bin]# ./agent_control -l OSSEC HIDS agent_control. List of available agents: ID: 000, Name: gateway1-proxy (server), IP: 127.0.0.1, Active/Local ID: 001, Name: clearing-optimizer, IP: XX.XX.X.X, Active With that, I believe my server and agent are communicating as expected. In my server's log, I have a lot of: 2020/08/17 19:25:18 ossec-remoted: WARN: Duplicate error: global: 22, local: 7947, saved global: 22, saved local:7948 2020/08/17 19:25:18 ossec-remoted(1407): ERROR: Duplicated counter for 'clearing-optimizer'. I have found an old post here in this group and applied the suggestion but the same error appears again after a while. I have also tried removing the agent and adding again, with a different ID and name but again, after a while, the error appears. In my agent, I have the default configuration plus this: <active-response> <disabled>no</disabled> <location>server</location> <level>3</level> </active-response> So, in my understanding, this is sending any active-response event to the server, is that correct? Also, another question, is there a way to trigger an event in my agent (Windows) so I can check if the server is receiving the notification correctly? Thank you. -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/ossec-list/010078f3-af73-4b7d-ba9c-88bf1f1694b0n%40googlegroups.com.