Hi All,
I just realized I didn't specify which version of Ossec we are running, my
apologies.
Ossec 2.6 running on SUSE Enterprise 11sp1 64bit, with 4GB of RAM and 2 CPUs
and currently 2281 active connections.
Thanks again for any help you can provide.
Patrick Swartz
-Original Message-
From: ossec-list@googlegroups.com [mailto:ossec-list@googlegroups.com] On
Behalf Of Swartz, Patrick H
Sent: Friday, February 10, 2012 10:32 AM
To: ossec-list@googlegroups.com
Subject: [ossec-list] agent-auth not working - internal error
Hi All
I ran across an issue last night that I can't find an answer for. In our
environment we have 2 machines setup as Ossec servers (due to
geographic/firewall rules), one of them responds fine when a client sends the
key request using 'agent-auth -m 10.10.10.1 -D /opt/ossec, however, for
clients trying to connect to the other we get an (internal error).
For example:
Log from the client -
INFO: Using agent name as: n1dpmmgr2
INFO: Send request to manager. Waiting for reply.
ERROR: Internal manager error adding agent: n1dpmmgr2 (from manager)
ERROR: Unable to add agent. (from manager)
INFO: Connection closed.
Corresponding log from the server (all that it is...):
2012/02/10 03:21:55 ossec-authd: ERROR: Unable to add agent: n1dpmmgr2
(internal error)
We have tried, stopping/starting the Ossec server, stopping starting
ossec-authd, even recompiled, but none helped.
One note of interest, for each time a client connects and requests a key, a
[ossec-authd] defunct process would show up in a process listing.
Any and all help would be greatly appreciated!
Patrick Swartz
-
The information in this message may be proprietary and/or
confidential, and protected from disclosure. If the reader of this
message is not the intended recipient, or an employee or agent
responsible for delivering this message to the intended recipient,
you are hereby notified that any dissemination, distribution or
copying of this communication is strictly prohibited. If you have
received this communication in error, please notify First Data
immediately by replying to this message and deleting it from your
computer.