[ossec-list] Re: Ossec Agent 2.71 Keeps disconnecting from Ossec server 2.8.3

2016-04-20 Thread theresa mic-snare
awesome, thanks for sharing your experience with us Alexandre. I'm sure this could be beneficial to others as well! Am Dienstag, 19. April 2016 21:13:00 UTC+2 schrieb Alexandre Laquerre: > > So the final result was as follows, the first step i exported the agent > list and updated the list ( i

[ossec-list] Re: Ossec Agent 2.71 Keeps disconnecting from Ossec server 2.8.3

2016-04-19 Thread Alexandre Laquerre
So the final result was as follows, the first step i exported the agent list and updated the list ( i basically erased 1000 agents that were no longer used (#***) and then saved it in csv format. Following that i used the script managed_agents -f to reimport the whole agent list with new IDS.

[ossec-list] Re: Ossec Agent 2.71 Keeps disconnecting from Ossec server 2.8.3

2016-04-13 Thread Alexandre Laquerre
I have added my ossec.conf and agent.conf , Is it possible to have a look to see if there is something that is off ? ( i have removed the IP adress for the agentless section) Thank you, Alex On Wednesday, April 13, 2016 at 10:40:00 AM UTC-4, Kat wrote: > > You should disable RIDS: > >

[ossec-list] Re: Ossec Agent 2.71 Keeps disconnecting from Ossec server 2.8.3

2016-04-13 Thread Alexandre Laquerre
Hi Kat, ok and if i am not mistaken i need to perform the same config for all agents right ? So here is the idea that i feel is perhaps the only solution. Stop the server, erase the RIDS and then have our customer deploy a script in order to stop all the agents and then install the version

[ossec-list] Re: Ossec Agent 2.71 Keeps disconnecting from Ossec server 2.8.3

2016-04-13 Thread Kat
You should disable RIDS: remoted.verify_msg_id=0 The errors should go away. The problem is, RIDS must be removed on both agent and server, that may be causing issues. Kat On Tuesday, April 5, 2016 at 8:21:18 AM UTC-5, Alexandre LAQUERRE wrote: > > Hi, > > > > I have been using Ossec for

[ossec-list] Re: Ossec Agent 2.71 Keeps disconnecting from Ossec server 2.8.3

2016-04-13 Thread Alexandre Laquerre
On Tuesday, April 12, 2016 at 9:53:20 AM UTC-4, Alexandre LAQUERRE wrote: > > Thank you very much for the information, > > > > I was able to convince our customer to deploy the new version update in > order to limit the downtime and well he is going to install 10 or 20 > machines in order to

[ossec-list] RE: Ossec Agent 2.71 Keeps disconnecting from Ossec server 2.8.3

2016-04-12 Thread Alexandre LAQUERRE
Thank you very much for the information, I was able to convince our customer to deploy the new version update in order to limit the downtime and well he is going to install 10 or 20 machines in order to see if it works or not. Thank you, Alexandre Laquerre Analyste Sécurité

[ossec-list] Re: Ossec Agent 2.71 Keeps disconnecting from Ossec server 2.8.3

2016-04-12 Thread Kat
I have seen this as well, and what I found seemed to be related to encryption being used on 2.8.3 vs the 2.7 packages. As Santi suggested, also removing the rids for the agents allows it to connect. I would, however, strongly suggest keeping them within the same release, and it avoids many

Re: [ossec-list] Re: Ossec Agent 2.71 Keeps disconnecting from Ossec server 2.8.3

2016-04-09 Thread Santiago Bassett
do you have errors in your manager /var/ossec/logs/ossec.log? In case it helps try disabling rids both on the manager and agents (it is important to do it in both places). Those probably got messed up during the upgrade. That can be done modifying internal_options.conf remoted.verify_msg_id=0 I

Re: [ossec-list] Re: Ossec Agent 2.71 Keeps disconnecting from Ossec server 2.8.3

2016-04-05 Thread dan (ddp)
On Apr 5, 2016 12:03 PM, "Alexandre Laquerre" wrote: > > Hi , > I have created a gmail account which may make it easier anyway. So i noticed that when i updated the server 2.8.3 everything seem to be good however now the agents are almost all disconnected then 20

[ossec-list] Re: Ossec Agent 2.71 Keeps disconnecting from Ossec server 2.8.3

2016-04-05 Thread Alexandre Laquerre
I would like to also mention that i have been receiving this errors from my linux agent : 2016/04/05 11:45:04 ossec-config: Remote commands are not accepted from the manager. Ignoring it on the agent.conf 2016/04/05 11:45:04 ossec-config(1202): ERROR: Configuration error at

[ossec-list] Re: Ossec Agent 2.71 Keeps disconnecting from Ossec server 2.8.3

2016-04-05 Thread Alexandre Laquerre
Hi , I have created a gmail account which may make it easier anyway. So i noticed that when i updated the server 2.8.3 everything seem to be good however now the agents are almost all disconnected then 20 minutes later they are all basically 50 /50. I am getting a lot of duplicates issues or