I got most everything to work except at one site. After looking through
everything on that server, I noticed that the sender_counter file is
missing from the rids directory. I know that keeps track/count of
something... Could that be what's causing some of my agents to not be able
to connect?
On
That file is definitely required, though I am not sure it has anything to
do with the agent connecting in.
You showed earlier connections on port 1514 from the devices in question,
right?
Does the ossec.log note any issues with those devices?
For what it is worth, here is a sender_counter file.
Just note that there is no magic here - it does not work because your
automated way does not 100% replicate the manual way (how to add an agent /
the client.keys / the ossec.conf / the agent installation...)
My guess is that the key file is not created correctly - preventing the
client-server