Awesome, thanks for sharing your experience with us Alexandre.
I'm sure this could be beneficial to others as well!
On Tuesday, 19 April 2016 at 21:13:00 UTC+2, Alexandre Laquerre wrote:
>
> So the final result was as follows, the first step I exported the agent
> list and updated the list ( I ba
So the final result was as follows, the first step I exported the agent
list and updated the list ( I basically erased 1000 agents that were no
longer used (#***) and then saved it in csv format. Following that I used
the script managed_agents -f to reimport the whole agent list with new IDs.
I
I have added my ossec.conf and agent.conf. Is it possible to have a look
to see if there is something that is off? (I have removed the IP address
for the agentless section)
Thank you,
Alex
On Wednesday, April 13, 2016 at 10:40:00 AM UTC-4, Kat wrote:
>
> You should disable RIDS:
>
> remoted
Hi Kat, OK, and if I am not mistaken I need to perform the same config for
all agents, right?
So here is the idea that i feel is perhaps the only solution.
Stop the server, erase the RIDS and then have our customer deploy a script
in order to stop all the agents and then install the version 2.8.3
You should disable RIDS:
remoted.verify_msg_id=0
The errors should go away. The problem is, RIDS must be removed on both
agent and server, that may be causing issues.
Kat
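The change suggested in the message above, as an added example that is not part of the thread or of OSSEC itself: a small POSIX shell helper that reports and sets `remoted.verify_msg_id` in an `internal_options.conf` whose path the caller supplies, so the same script can be run on the manager and on each agent. The function names and the sample file are constructed for illustration; a `.bak` copy is kept so the check can be turned back on later.

```shell
#!/bin/sh
# Added example: audit and disable remoted.verify_msg_id in a given
# internal_options.conf. The path is supplied by the caller.

KEY='[[:space:]]*remoted\.verify_msg_id[[:space:]]*='

# Constructed sample file, for trying the functions offline.
make_sample() {
    cat > "$1" <<'EOF'
# constructed sample, not a real internal_options.conf
remoted.verify_msg_id=1
#remoted.verify_msg_id=0
agent.debug=0
EOF
}

# Print the value of every active (uncommented) assignment, one per line.
active_values() {
    sed -n "s/^${KEY}[[:space:]]*\([^[:space:]#]*\).*\$/\1/p" "$1"
}

# True only if the key is set at least once and every active value is 0.
is_disabled() {
    vals=$(active_values "$1")
    [ -n "$vals" ] && ! printf '%s\n' "$vals" | grep -qvx '0'
}

# Set the key to 0. Idempotent; writes FILE.bak before changing anything.
disable_verify_msg_id() {
    conf=$1
    [ -f "$conf" ] || { echo "missing: $conf" >&2; return 1; }
    is_disabled "$conf" && return 0      # already 0: leave the file alone
    cp -p "$conf" "$conf.bak" || return 1
    tmp=$(mktemp) || return 1
    # Rewrite active assignments only; commented lines stay untouched.
    sed "s/^\(${KEY}\).*\$/\10/" "$conf" > "$tmp"
    # Key absent (or only commented out): append an explicit assignment.
    is_disabled "$tmp" || echo 'remoted.verify_msg_id=0' >> "$tmp"
    cat "$tmp" > "$conf"                 # write in place: keeps owner and mode
    rm -f "$tmp"
    is_disabled "$conf"
}

# Stand-alone use: sh script.sh /path/to/internal_options.conf
if [ $# -gt 0 ]; then
    disable_verify_msg_id "$1" && echo "verify_msg_id=0 in $1"
fi
```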
On Tuesday, April 5, 2016 at 8:21:18 AM UTC-5, Alexandre LAQUERRE wrote:
>
> Hi,
>
>
>
> I have been using Ossec for quit
On Tuesday, April 12, 2016 at 9:53:20 AM UTC-4, Alexandre LAQUERRE wrote:
>
> Thank you very much for the information,
>
>
>
> I was able to convince our customer to deploy the new version update in
> order to limit the downtime and well he is going to install 10 or 20
> machines in order to
Thank you very much for the information,
I was able to convince our customer to deploy the new version update in order
to limit the downtime and well he is going to install 10 or 20 machines in
order to see if it works or not.
Thank you,
Alexandre Laquerre
Analyste Sécurité
[http://cybercan.c
I have seen this as well, and what I found seemed to be related to
encryption being used on 2.8.3 vs the 2.7 packages. As Santi suggested,
also removing the rids for the agents allows it to connect. I would,
however, strongly suggest keeping them within the same release, and it
avoids many of
Do you have errors in your manager /var/ossec/logs/ossec.log?
In case it helps, try disabling rids both on the manager and agents (it is
important to do it in both places). Those probably got messed up during the
upgrade. That can be done by modifying internal_options.conf:
remoted.verify_msg_id=0
I
On Apr 5, 2016 12:03 PM, "Alexandre Laquerre"
wrote:
>
> Hi,
> I have created a gmail account which may make it easier anyway. So I
> noticed that when I updated the server 2.8.3 everything seemed to be good
> however now the agents are almost all disconnected then 20 minutes later
> they are all basical
I would like to also mention that I have been receiving these errors from my
Linux agent:
2016/04/05 11:45:04 ossec-config: Remote commands are not accepted from the
manager. Ignoring it on the agent.conf
2016/04/05 11:45:04 ossec-config(1202): ERROR: Configuration error at
'/var/ossec/etc/sh
Hi,
I have created a gmail account which may make it easier anyway. So I
noticed that when I updated the server 2.8.3 everything seemed to be good
however now the agents are almost all disconnected then 20 minutes later
they are all basically 50/50.
I am getting a lot of duplicate issues or in