How many entries are in your /etc/client.keys file?
What is the largest agent ID in that file?
What is the content of your ossec-hids/src/Config.OS file with the
line MAX_AGENTS after you ran 2.7 install.sh?
Did you restart ossec-remoted between the following two points in time?
2013/03/21
This could be more than one issue but a couple of days ago ossec showed all our
agents Disconnected (previously worked fine), we stopped and restarted the
service and then server, updated from ossec 2.6 to 2.7 and turned on
debugging. From Logs it seems to be issue with the maximum agent setting
Hello Dan and all,
I followed this procedure in an attempt to migrate OSSEC to new hardware
but it did not work. I copied over client.keys, ossec.conf,
internal_options.conf, local_rules, and all the rids files as suggested but
received the agents could not connect to the new server afterward.
Actually, I have a very distinct need for an OSSEC server on Windows. I run
my own Iron, but all I have right now is a single Windows 2008 R2 server in
a colo facility. I do NOT have the cash to put a second machine in that
facility. Now, how the bloody hell am I supposed to run OSSEC on my Win
Using OSSEC as a HIDS for one Windows server really isn’t worth the trouble.
You say you have no budget to add a server at that datacenter.
Do you have a budget to add a small instance in a private cloud like Amazon
EC2?
OSSEC will not set itself up to be a good Windows HIDS and it doesn’t bl
Hello shadeninx !
Thank you !
In fact, what you said is true, but filtering logs, I can see a default
behavior, with login and the last log entry is logoff (in most times, if
the specified user really shutdown workstation).
Regards
2013/3/20 shadejinx
> There is no reliable way to tell that