Yes, just get the client.keys from all the agents and make a single
client.keys file on the
server with all of them.
The issue is the remote message ids, that you will need to clear on
each agent (delete the rids directory)
or the agents will not accept the messages from the manager.
thanks,
--
Well - it happened - I lost a server (hardware raid failure and corrupted
drives).
So here is the question - all the agents have keys, but I lost the other
end - is there ANY way to rebuild a server from this sort of thing and
recover?
I can't think of anything, since it is all built around th
On Wed, Feb 13, 2013 at 3:15 PM, Brenden Walker wrote:
> On Wed, 13 Feb 2013 11:42:13 + "C. L. Martinez"
> wrote:
>> HI all,
>>
>> I have one ossec agent monitoring some syslog format files and
>> triggers some alerts if src IP or dst IP matches in a CDB list
>> configured on ossec server.
On Thu, Feb 14, 2013 at 10:16 AM, JPZ wrote:
> Hello everyone,
>
> One of our servers has been having issues recently ( sudden OS lockups) and
> I noticed a bunch of kernel errors regarding failed actions reported by
> mptscsih and mptbase. These weren't caught by OSSEC so I decided to create a
>
Hello everyone,
One of our servers has been having issues recently ( sudden OS lockups) and
I noticed a bunch of kernel errors regarding failed actions reported by
mptscsih and mptbase. These weren't caught by OSSEC so I decided to create
a decoder and rules to catch any future events.
I'm sha
Hello,
since I've updated my ossec-server to Version 2.7 the Database-Logging has
two problems which i think i fixed in my local version.
The first problem is that the last two signs of each message are cut of,
which is fixed simply by editing two lines in src/os_dbd/alert.c
the len+2 counting i