Using 'any' for the IP address for a problem agent seemed to help in
another thread suffering from the Incorrectly formated problem.
On Tue, Aug 21, 2012 at 11:18 AM, dan (ddp) ddp...@gmail.com wrote:
On Mon, Aug 20, 2012 at 7:38 AM, bw bw.mail.li...@gmail.com wrote:
Deleted everything (rm -rf
On Mon, Aug 20, 2012 at 7:38 AM, bw bw.mail.li...@gmail.com wrote:
Deleted everything (rm -rf /var/ossec /etc/ossec-init.conf
/etc/init.d/ossec), got 7987046f6bb1 from JBCheng's repo, that should be
latest at this time, installed it on server with only one agent, the least
busy one, no
On 08/17/2012 15:32, dan (ddp) wrote:
On Fri, Aug 17, 2012 at 2:52 AM, bw bw.mail.li...@gmail.com wrote:
Does it work if you don't have it listening to 2 different networks?
No. And when I say no, I mean I stopped everything and started only the
master and the 192.168. agent and I got the
Does it work if you don't have it listening to 2 different networks?
No. And when I say no, I mean I stopped everything and started only the
master and the 192.168. agent and I got the same result. I didn't
reinstall everything, the other two agents were still configured, just
not started,
On Fri, Aug 17, 2012 at 2:52 AM, bw bw.mail.li...@gmail.com wrote:
Does it work if you don't have it listening to 2 different networks?
No. And when I say no, I mean I stopped everything and started only the
master and the 192.168. agent and I got the same result. I didn't reinstall
On 08/17/2012 15:32, dan (ddp) wrote:
On Fri, Aug 17, 2012 at 2:52 AM, bw bw.mail.li...@gmail.com wrote:
Does it work if you don't have it listening to 2 different networks?
No. And when I say no, I mean I stopped everything and started only the
master and the 192.168. agent and I got the
I would need to see some config files. Are you using agent.conf in the
shared folder on the master (with active response enabled in the ossec.conf
file)?
Can you post the ossec.conf and the agent.conf from the agent? I assume
that the ossec.conf files are the same on each of your agents.
On
On 08/16/2012 08:48, Steven B. wrote:
I would need to see some config files. Are you using agent.conf in the
shared folder on the master (with active response enabled in the
ossec.conf file)?
Can you post the ossec.conf and the agent.conf from the agent? I assume
that the ossec.conf files are
On 08/09/2012 16:39, dan (ddp) wrote:
On Thu, Aug 9, 2012 at 9:13 AM, Nate yjn...@gmail.com wrote:
OK, gave the add.remove key thing one last shot.
Stopped ossec on both the master and the agent.
deleted client.keys on the agent.
used manage_agents to remove the old key from the master, and
Ok, now i'm seeing another error, which still leads me to believe theires a
key problem on the systems.
Checksum mismatch on message from agent ip
I googled that, and found some people had some success by comparing the
contents of client.keys on the manager and the agent. I did that, they are
OK, gave the add.remove key thing one last shot.
Stopped ossec on both the master and the agent.
deleted client.keys on the agent.
used manage_agents to remove the old key from the master, and add a new
one.
Started ossec on the master.
used manage_agents on the agent to add the key that i
On Thu, Aug 9, 2012 at 9:13 AM, Nate yjn...@gmail.com wrote:
OK, gave the add.remove key thing one last shot.
Stopped ossec on both the master and the agent.
deleted client.keys on the agent.
used manage_agents to remove the old key from the master, and add a new one.
Started ossec on the
How often did you get each of the following messages:
1) ERROR: Incorrectly formated message from
2) Checksum mismatch on message from
3) Invalid active response
I am trying to see if any one of them is related to keepalives.
On Thursday, August 9, 2012 6:39:36 AM UTC-7, dan (ddpbsd) wrote:
On
I've found a number of references to this error message, none of them seem
to be helping me though.
I've recently setup an ossec manager, with four agents. Ossec 2.6, Fedora
15 on the manager, and the four agents are all CentOS 6.
I added all of the agents by generating keys, restarting
On Wed, Aug 8, 2012 at 2:53 PM, Nate yjn...@gmail.com wrote:
I've found a number of references to this error message, none of them seem
to be helping me though.
I've recently setup an ossec manager, with four agents. Ossec 2.6, Fedora 15
on the manager, and the four agents are all CentOS 6.
The IP is correct
no nat, The agent is a VM running on a KVM host, getting its network from a
Bridge interface. Just like the other 3 vm's which are working perfectly.
IP is unique
key was copied/pasted from the master.
On Wednesday, August 8, 2012 3:00:48 PM UTC-4, dan (ddpbsd) wrote:
On
16 matches
Mail list logo
