I deleted some of the lines starting with bang (!) but that didn't clear up the problem. My client.keys is now smaller than 2048, but I still can't add agents. I was able to duplicate this problem on a fresh install in vagrant. Using the bin/manage_agents command I was able to add over 4k clients (and clients.keys grew without problem). However, when I try to add a new agent through authd... I get the same internal error problem.
Results of commands: $ cat /var/ossec/etc/client.keys | wc -l 2032 $ cat /var/ossec/etc/client.keys | grep -P "^\d+\s*\!" -v | wc -l 209 $ cat /var/ossec/etc/client.keys | grep -P "^\d+\s*\!" | wc -l 1823 On Mon, May 22, 2017 at 6:28 PM, Jesus Linares <je...@wazuh.com> wrote: > Hi, > > as you mentioned, it seems that inactive agents are counting for the limit > (2048 agents). Run the following commands in order to know the size of the > *client.keys > *file: > > - Total lines: cat /var/ossec/etc/client.keys | wc -l > - Active agents: cat /var/ossec/etc/client.keys | grep -P "^\d+\s*\!" > -v | wc -l > - Inactive agents: cat /var/ossec/etc/client.keys | grep -P > "^\d+\s*\!" | wc -l > > The solution could be clean the client.keys (lines with "!") after > removing the agent. > > Regards. > > > On Monday, May 22, 2017 at 11:05:38 AM UTC+2, Topper Bowers wrote: >> >> Hi, >> >> My client has a highly dynamic environment and we're using OSSEC (wazuh >> 1.1.1 release, OSSEC v2.8). When a server spins up, it registers itself as >> an agent to the servers authd and everything was going ok. However, my >> client.keys file is now 2048 lines long and no new agents can register. >> They get an "(internal error)" that we see in the /var/ossec/logs/ossec.log >> >> We have a process in place to remove inactive agents using the >> `/var/ossec/bin/manage_agents -r ${ossec_id}` command. And if you use >> /var/ossec/bin/manage_agents -l only about 100 agents show up. >> >> I've seen this https://groups.google.com/forum/#!topic/ossec-list/lgFD >> OlR6zNg and it looks remarkably similar to what we're seeing. However, >> we don't actually have thousands of active agents. It seems like inactive >> agents are counting against the limit. Since we have a really dynamic >> environment with servers going up and down all the time, increasing the >> limit seems like it's just pushing out the inevitable. >> >> In summary... dynamic environment, can't add new agents, only 100 or so >> active agents, 2048 lines in client.keys. No other error messages besides >> "internal error" >> >> Any suggestions? >> >> Thanks! >> >> Topper >> > -- > > --- > You received this message because you are subscribed to a topic in the > Google Groups "ossec-list" group. > To unsubscribe from this topic, visit https://groups.google.com/d/ > topic/ossec-list/k_MFr5aAjRU/unsubscribe. > To unsubscribe from this group and all its topics, send an email to > ossec-list+unsubscr...@googlegroups.com. > For more options, visit https://groups.google.com/d/optout. > -- *Topper Bowers* *Engineering* *Vitals* | 160 Chubb Ave, Suite 301, Lyndhurst, NJ 07071, USA M : 646.515.6630 http://www.vitals.com -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.