Hello dan, I did that you recommend me but the problem still keep going. The only that appears connect is ID: 000, Name: vknxsegfim (server), IP: 127.0.0.1, Active/Local and the logs dont help me so mucho XD
Regards El miércoles, 9 de agosto de 2017, 15:54:45 (UTC-5), dan (ddpbsd) escribió: > > On Mon, Aug 7, 2017 at 10:49 AM, Carlos Islas <sparks....@gmail.com > <javascript:>> wrote: > > > > Thank you Dan, > > > > Sorry but i still confuse, I dont want to do something that get worse > this > > situation. Do you have any idea to fix the error? > > > > 2 temporary fixes are to either stop the OSSEC server processes, > delete the rids files, and start the processes > or stop the ossec server processes, disable rids, and start the processes. > > Trying to figure out why the rids files either weren't updated on the > agent, or why they were overwritten might be worthwhile. > > > Regards... > > > > > > El viernes, 4 de agosto de 2017, 12:20:15 (UTC-5), dan (ddpbsd) > escribió: > >> > >> On Fri, Aug 4, 2017 at 11:59 AM, Carlos Islas <sparks....@gmail.com> > >> wrote: > >> > Hi! > >> > > >> > The manager hasn´t agent. The alerts came from the other host. > >> > > >> > root@vknxsegfim:/var/ossec/bin# ./agent_control -lc > >> > > >> > OSSEC HIDS agent_control. List of available agents: > >> > ID: 000, Name: vknxsegfim (server), IP: 127.0.0.1, Active/Local > >> > > >> > but i dont know why all the host appear disconnected > >> > > >> > ID: 054, Name: knxvozdb, IP: 172.27.1.153, Disconnected > >> > ID: 102, Name: posmexngs, IP: 172.17.2.24, Disconnected > >> > ID: 103, Name: knxsegk01, IP: 172.27.4.45, Disconnected > >> > ID: 104, Name: websense, IP: 172.17.2.228, Disconnected > >> > ID: 105, Name: websense1, IP: 172.17.2.22, Disconnected > >> > ID: 106, Name: wspsknx, IP: 172.27.4.131, Disconnected > >> > ID: 055, Name: KNXVOZMSERVER-1, IP: 172.27.1.173, Disconnected > >> > ID: 056, Name: OGNODE1, IP: 172.27.1.70, Disconnected > >> > ID: 057, Name: OGNODE2, IP: 172.27.1.71, Disconnected > >> > ID: 058, Name: OGNODE3, IP: 172.27.1.72, Disconnected > >> > ID: 059, Name: KNXVOZPREDB, IP: 172.27.1.74, Disconnected > >> > ID: 060, Name: siem_indexer, IP: 172.27.4.78, Disconnected > >> > ID: 061, Name: VKNXSEG07, IP: 172.27.200.178, Disconnected > >> > ID: 062, Name: F3Mpwmordc01, IP: 172.27.4.10, Disconnected > >> > ID: 063, Name: V3Mpwmordc01, IP: 172.27.200.95, Disconnected > >> > ID: 064, Name: Vknxmorwsus, IP: 172.27.200.99, Disconnected > >> > ID: 066, Name: Posmexdc01, IP: 172.17.1.80, Disconnected > >> > > >> > Some idea that why is happen this? > >> > > >> > >> The duplicated rids errors are a clue. For some reason (agents were > >> re-imaged, rids files were deleted on the agents, etc), the agents are > >> presenting the same counters as they had previously. The rids counters > >> are an attempt to prevent replay attacks, so duplicate counters are > >> bad. > >> > >> > > >> > > >> > Regards... > >> > > >> > > >> > El viernes, 4 de agosto de 2017, 5:57:46 (UTC-5), jose escribió: > >> >> > >> >> Hi Carlos, > >> >> > >> >> The manager has his own agent, probably the alerts are from the > manager > >> >> it > >> >> self. > >> >> > >> >> > >> >> > >> >> Regards > >> >> ----------------------- > >> >> Jose Luis Ruiz > >> >> Wazuh Inc. > >> >> jo...@wazuh.com > >> >> > >> >> On August 3, 2017 at 7:57:59 PM, Carlos Islas (sparks....@gmail.com) > > >> >> wrote: > >> >> > >> >> In adition the host send alerts to my email but still > disconnected... > >> >> how > >> >> can it be? > >> >> > >> >> =S > >> >> > >> >> El jueves, 3 de agosto de 2017, 12:48:04 (UTC-5), Carlos Islas > >> >> escribió: > >> >>> > >> >>> Hi Jose, > >> >>> > >> >>> Thanks for your answer, i send you the log: > >> >>> > >> >>> 2017/08/01 13:44:10 ossec-remoted(1103): ERROR: Unable to open file > >> >>> '/queue/rids > >> >>> /001'. > >> >>> 2017/08/01 15:19:33 ossec-remoted(1103): ERROR: Unable to open file > >> >>> '/queue/rids > >> >>> /001'. > >> >>> 2017/08/01 15:19:37 ossec-remoted(1103): ERROR: Unable to open file > >> >>> '/queue/rids > >> >>> /001'. > >> >>> 2017/08/01 15:22:01 ossec-remoted(1103): ERROR: Unable to open file > >> >>> '/queue/rids > >> >>> /001'. > >> >>> 2017/08/01 15:22:06 ossec-analysisd(1210): ERROR: Queue > >> >>> '/queue/alerts/ar' not a > >> >>> ccessible: 'Connection refused'. > >> >>> 2017/08/01 15:22:06 ossec-analysisd(1301): ERROR: Unable to connect > to > >> >>> active re > >> >>> sponse queue. > >> >>> 2017/08/01 15:41:06 ossec-remoted(1103): ERROR: Unable to open file > >> >>> '/queue/rids > >> >>> /001'. > >> >>> 2017/08/01 15:58:14 ossec-remoted(1103): ERROR: Unable to open file > >> >>> '/queue/rids > >> >>> /001'. > >> >>> 2017/08/01 15:58:20 ossec-analysisd(1210): ERROR: Queue > >> >>> '/queue/alerts/ar' not a > >> >>> ccessible: 'Connection refused'. > >> >>> 2017/08/01 15:58:20 ossec-analysisd(1301): ERROR: Unable to connect > to > >> >>> active re > >> >>> sponse queue. > >> >>> 2017/08/01 16:06:12 ossec-remoted(1103): ERROR: Unable to open file > >> >>> '/queue/rids > >> >>> /001'. > >> >>> 2017/08/01 16:06:17 ossec-analysisd(1210): ERROR: Queue > >> >>> '/queue/alerts/ar' not a > >> >>> ccessible: 'Connection refused'. > >> >>> 2017/08/01 16:06:17 ossec-analysisd(1301): ERROR: Unable to connect > to > >> >>> active re > >> >>> sponse queue. > >> >>> 2017/08/01 16:36:50 ossec-remoted(1103): ERROR: Unable to open file > >> >>> '/queue/rids > >> >>> /001'. > >> >>> 2017/08/01 16:36:55 ossec-analysisd(1210): ERROR: Queue > >> >>> '/queue/alerts/ar' not a > >> >>> ccessible: 'Connection refused'. > >> >>> 2017/08/01 16:36:55 ossec-analysisd(1301): ERROR: Unable to connect > to > >> >>> active re > >> >>> sponse queue. > >> >>> 2017/08/01 16:54:19 ossec-remoted(1103): ERROR: Unable to open file > >> >>> '/queue/rids > >> >>> /001'. > >> >>> 2017/08/01 16:54:24 ossec-analysisd(1210): ERROR: Queue > >> >>> '/queue/alerts/ar' not a > >> >>> ccessible: 'Connection refused'. > >> >>> 2017/08/01 16:54:24 ossec-analysisd(1301): ERROR: Unable to connect > to > >> >>> active re > >> >>> sponse queue. > >> >>> 2017/08/01 16:55:02 ossec-remoted(1103): ERROR: Unable to open file > >> >>> '/queue/rids > >> >>> /001'. > >> >>> 2017/08/01 16:55:12 ossec-remoted(1103): ERROR: Unable to open file > >> >>> '/queue/rids > >> >>> /001'. > >> >>> 2017/08/01 16:55:17 ossec-analysisd(1210): ERROR: Queue > >> >>> '/queue/alerts/ar' not a > >> >>> ccessible: 'Connection refused'. > >> >>> 2017/08/01 16:55:17 ossec-analysisd(1301): ERROR: Unable to connect > to > >> >>> active re > >> >>> sponse queue. > >> >>> 2017/08/01 17:00:35 ossec-remoted(1103): ERROR: Unable to open file > >> >>> '/queue/rids > >> >>> /001'. > >> >>> 2017/08/01 17:00:40 ossec-analysisd(1210): ERROR: Queue > >> >>> '/queue/alerts/ar' not a > >> >>> ccessible: 'Connection refused'. > >> >>> 2017/08/01 17:00:40 ossec-analysisd(1301): ERROR: Unable to connect > to > >> >>> active re > >> >>> sponse queue. > >> >>> 2017/08/01 17:04:19 ossec-remoted(1103): ERROR: Unable to open file > >> >>> '/queue/rids > >> >>> /001'. > >> >>> 2017/08/01 17:04:25 ossec-analysisd(1210): ERROR: Queue > >> >>> '/queue/alerts/ar' not a > >> >>> ccessible: 'Connection refused'. > >> >>> 2017/08/01 17:04:25 ossec-analysisd(1301): ERROR: Unable to connect > to > >> >>> active re > >> >>> sponse queue. > >> >>> 2017/08/01 17:08:15 ossec-remoted(1103): ERROR: Unable to open file > >> >>> '/queue/rids > >> >>> /001'. > >> >>> 2017/08/01 17:08:20 ossec-analysisd(1210): ERROR: Queue > >> >>> '/queue/alerts/ar' not a > >> >>> ccessible: 'Connection refused'. > >> >>> 2017/08/01 17:08:20 ossec-analysisd(1301): ERROR: Unable to connect > to > >> >>> active re > >> >>> sponse queue. > >> >>> 2017/08/01 17:09:00 ossec-remoted(1103): ERROR: Unable to open file > >> >>> '/queue/rids > >> >>> /001'. > >> >>> 2017/08/01 17:09:05 ossec-analysisd(1210): ERROR: Queue > >> >>> '/queue/alerts/ar' not a > >> >>> ccessible: 'Connection refused'. > >> >>> 2017/08/01 17:09:05 ossec-analysisd(1301): ERROR: Unable to connect > to > >> >>> active re > >> >>> sponse queue. > >> >>> 2017/08/01 17:09:57 ossec-remoted(1103): ERROR: Unable to open file > >> >>> '/queue/rids > >> >>> /001'. > >> >>> 2017/08/01 17:10:02 ossec-analysisd(1210): ERROR: Queue > >> >>> '/queue/alerts/ar' not a > >> >>> ccessible: 'Connection refused'. > >> >>> 2017/08/01 17:10:02 ossec-analysisd(1301): ERROR: Unable to connect > to > >> >>> active re > >> >>> sponse queue. > >> >>> 2017/08/01 17:11:30 ossec-remoted(1103): ERROR: Unable to open file > >> >>> '/queue/rids > >> >>> /001'. > >> >>> 2017/08/01 17:11:35 ossec-analysisd(1210): ERROR: Queue > >> >>> '/queue/alerts/ar' not a > >> >>> ccessible: 'Connection refused'. > >> >>> 2017/08/01 17:11:35 ossec-analysisd(1301): ERROR: Unable to connect > to > >> >>> active re > >> >>> sponse queue. > >> >>> 2017/08/01 17:21:08 ossec-maild(1207): ERROR: Unable to switch to > >> >>> group: > >> >>> 'ossec' > >> >>> . > >> >>> 2017/08/01 17:21:08 ossec-execd(1207): ERROR: Unable to switch to > >> >>> group: > >> >>> 'ossec' > >> >>> . > >> >>> 2017/08/01 17:22:11 ossec-logcollector(1224): ERROR: Error sending > >> >>> message to qu > >> >>> eue. > >> >>> 2017/08/01 17:22:14 ossec-logcollector(1210): ERROR: Queue > >> >>> '/var/ossec/queue/oss > >> >>> ec/queue' not accessible: 'Connection refused'. > >> >>> 2017/08/01 17:22:14 ossec-logcollector(1211): ERROR: Unable to > access > >> >>> queue: '/v > >> >>> ar/ossec/queue/ossec/queue'. Giving up.. > >> >>> 2017/08/01 17:22:23 ossec-remoted(1103): ERROR: Unable to open file > >> >>> '/queue/rids > >> >>> /001'. > >> >>> 2017/08/01 17:22:28 ossec-analysisd(1210): ERROR: Queue > >> >>> '/queue/alerts/ar' not a > >> >>> ccessible: 'Connection refused'. > >> >>> 2017/08/01 17:22:28 ossec-analysisd(1301): ERROR: Unable to connect > to > >> >>> active re > >> >>> sponse queue. > >> >>> 2017/08/01 17:26:34 ossec-remoted(1103): ERROR: Unable to open file > >> >>> '/queue/rids > >> >>> /001'. > >> >>> 2017/08/01 17:26:38 ossec-rootcheck(1224): ERROR: Error sending > >> >>> message > >> >>> to queue > >> >>> . > >> >>> 2017/08/01 17:26:39 ossec-analysisd(1210): ERROR: Queue > >> >>> '/queue/alerts/ar' not a > >> >>> ccessible: 'Connection refused'. > >> >>> 2017/08/01 17:26:39 ossec-analysisd(1301): ERROR: Unable to connect > to > >> >>> active re > >> >>> sponse queue. > >> >>> 2017/08/01 17:27:30 ossec-remoted(1103): ERROR: Unable to open file > >> >>> '/queue/rids > >> >>> /001'. > >> >>> 2017/08/01 17:27:35 ossec-analysisd(1210): ERROR: Queue > >> >>> '/queue/alerts/ar' not a > >> >>> ccessible: 'Connection refused'. > >> >>> 2017/08/01 17:27:35 ossec-analysisd(1301): ERROR: Unable to connect > to > >> >>> active re > >> >>> sponse queue. > >> >>> 2017/08/01 17:28:58 ossec-remoted(1103): ERROR: Unable to open file > >> >>> '/queue/rids > >> >>> /001'. > >> >>> 2017/08/01 17:29:03 ossec-analysisd(1210): ERROR: Queue > >> >>> '/queue/alerts/ar' not a > >> >>> ccessible: 'Connection refused'. > >> >>> 2017/08/01 17:29:03 ossec-analysisd(1301): ERROR: Unable to connect > to > >> >>> active re > >> >>> sponse queue. > >> >>> 2017/08/01 17:30:08 ossec-remoted(1103): ERROR: Unable to open file > >> >>> '/queue/rids > >> >>> /003'. > >> >>> 2017/08/01 17:30:13 ossec-analysisd(1210): ERROR: Queue > >> >>> '/queue/alerts/ar' not a > >> >>> ccessible: 'Connection refused'. > >> >>> 2017/08/01 17:30:13 ossec-analysisd(1301): ERROR: Unable to connect > to > >> >>> active re > >> >>> sponse queue. > >> >>> 2017/08/01 17:31:35 ossec-remoted(1103): ERROR: Unable to open file > >> >>> '/queue/rids > >> >>> /003'. > >> >>> 2017/08/01 17:31:41 ossec-analysisd(1210): ERROR: Queue > >> >>> '/queue/alerts/ar' not a > >> >>> ccessible: 'Connection refused'. > >> >>> 2017/08/01 17:31:41 ossec-analysisd(1301): ERROR: Unable to connect > to > >> >>> active re > >> >>> sponse queue. > >> >>> 2017/08/01 17:32:08 ossec-remoted(1103): ERROR: Unable to open file > >> >>> '/queue/rids > >> >>> /998'. > >> >>> 2017/08/01 17:32:13 ossec-analysisd(1210): ERROR: Queue > >> >>> '/queue/alerts/ar' not a > >> >>> ccessible: 'Connection refused'. > >> >>> 2017/08/01 17:32:13 ossec-analysisd(1301): ERROR: Unable to connect > to > >> >>> active re > >> >>> sponse queue. > >> >>> 2017/08/01 17:39:26 ossec-remoted(1103): ERROR: Unable to open file > >> >>> '/queue/rids > >> >>> /001'. > >> >>> 2017/08/01 17:39:32 ossec-analysisd(1210): ERROR: Queue > >> >>> '/queue/alerts/ar' not a > >> >>> ccessible: 'Connection refused'. > >> >>> 2017/08/01 17:39:32 ossec-analysisd(1301): ERROR: Unable to connect > to > >> >>> active re > >> >>> sponse queue. > >> >>> 2017/08/01 18:00:16 ossec-remoted(1103): ERROR: Unable to open file > >> >>> '/queue/rids > >> >>> /001'. > >> >>> 2017/08/01 18:00:21 ossec-analysisd(1210): ERROR: Queue > >> >>> '/queue/alerts/ar' not a > >> >>> ccessible: 'Connection refused'. > >> >>> 2017/08/01 18:00:21 ossec-analysisd(1301): ERROR: Unable to connect > to > >> >>> active re > >> >>> sponse queue. > >> >>> 2017/08/01 18:07:19 ossec-remoted(1407): ERROR: Duplicated counter > for > >> >>> 'posmexng > >> >>> s'. > >> >>> 2017/08/01 18:07:25 ossec-remoted(1407): ERROR: Duplicated counter > for > >> >>> 'posmexng > >> >>> s'. > >> >>> 2017/08/01 18:07:29 ossec-remoted(1407): ERROR: Duplicated counter > for > >> >>> 'posmexng > >> >>> s'. > >> >>> 2017/08/01 18:07:34 ossec-remoted(1407): ERROR: Duplicated counter > for > >> >>> 'posmexng > >> >>> s'. > >> >>> 2017/08/01 18:07:40 ossec-remoted(1407): ERROR: Duplicated counter > for > >> >>> 'posmexng > >> >>> s'. > >> >>> 2017/08/01 18:20:25 ossec-remoted(1206): ERROR: Unable to Bind port > >> >>> '1514' > >> >>> 2017/08/01 18:20:53 ossec-remoted(1210): ERROR: Queue > >> >>> '/queue/ossec/queue' not a > >> >>> ccessible: 'Connection refused'. > >> >>> 2017/08/01 18:20:53 ossec-remoted(1211): ERROR: Unable to access > >> >>> queue: > >> >>> '/queue/ > >> >>> ossec/queue'. Giving up.. > >> >>> 2017/08/01 18:22:44 ossec-remoted(1210): ERROR: Queue > >> >>> '/queue/ossec/queue' not a > >> >>> ccessible: 'Connection refused'. > >> >>> 2017/08/01 18:22:44 ossec-remoted(1211): ERROR: Unable to access > >> >>> queue: > >> >>> '/queue/ > >> >>> ossec/queue'. Giving up.. > >> >>> 2017/08/01 18:24:44 ossec-remoted(1210): ERROR: Queue > >> >>> '/queue/ossec/queue' not a > >> >>> ccessible: 'Connection refused'. > >> >>> 2017/08/01 18:24:44 ossec-remoted(1211): ERROR: Unable to access > >> >>> queue: > >> >>> '/queue/ > >> >>> ossec/queue'. Giving up.. > >> >>> 2017/08/01 18:26:01 ossec-remoted(1210): ERROR: Queue > >> >>> '/queue/ossec/queue' not a > >> >>> ccessible: 'Connection refused'. > >> >>> 2017/08/01 18:26:01 ossec-remoted(1211): ERROR: Unable to access > >> >>> queue: > >> >>> '/queue/ > >> >>> ossec/queue'. Giving up.. > >> >>> 2017/08/01 18:26:18 ossec-syscheckd(1210): ERROR: Queue > >> >>> '/var/ossec/queue/ossec/ > >> >>> queue' not accessible: 'Connection refused'. > >> >>> 2017/08/01 18:26:18 ossec-rootcheck(1210): ERROR: Queue > >> >>> '/var/ossec/queue/ossec/ > >> >>> queue' not accessible: 'Connection refused'. > >> >>> 2017/08/01 18:26:26 ossec-syscheckd(1210): ERROR: Queue > >> >>> '/var/ossec/queue/ossec/ > >> >>> queue' not accessible: 'Connection refused'. > >> >>> 2017/08/01 18:26:26 ossec-rootcheck(1210): ERROR: Queue > >> >>> '/var/ossec/queue/ossec/ > >> >>> queue' not accessible: 'Connection refused'. > >> >>> 2017/08/01 18:26:39 ossec-syscheckd(1210): ERROR: Queue > >> >>> '/var/ossec/queue/ossec/ > >> >>> queue' not accessible: 'Connection refused'. > >> >>> 2017/08/01 18:26:39 ossec-rootcheck(1211): ERROR: Unable to access > >> >>> queue: > >> >>> '/var/ > >> >>> ossec/queue/ossec/queue'. Giving up.. > >> >>> 2017/08/01 18:33:07 ossec-remoted(1103): ERROR: Unable to open file > >> >>> '/queue/rids > >> >>> /004'. > >> >>> 2017/08/01 18:33:12 ossec-analysisd(1210): ERROR: Queue > >> >>> '/queue/alerts/ar' not a > >> >>> ccessible: 'Connection refused'. > >> >>> 2017/08/01 18:33:12 ossec-analysisd(1301): ERROR: Unable to connect > to > >> >>> active re > >> >>> sponse queue. > >> >>> 2017/08/01 18:34:25 ossec-remoted(1103): ERROR: Unable to open file > >> >>> '/queue/rids > >> >>> /004'. > >> >>> 2017/08/01 18:34:30 ossec-analysisd(1210): ERROR: Queue > >> >>> '/queue/alerts/ar' not a > >> >>> ccessible: 'Connection refused'. > >> >>> 2017/08/01 18:34:30 ossec-analysisd(1301): ERROR: Unable to connect > to > >> >>> active re > >> >>> sponse queue. > >> >>> 2017/08/01 18:51:32 ossec-remoted(1103): ERROR: Unable to open file > >> >>> '/queue/rids > >> >>> /004'. > >> >>> 2017/08/01 18:51:38 ossec-analysisd(1210): ERROR: Queue > >> >>> '/queue/alerts/ar' not a > >> >>> ccessible: 'Connection refused'. > >> >>> 2017/08/01 18:51:38 ossec-analysisd(1301): ERROR: Unable to connect > to > >> >>> active re > >> >>> sponse queue. > >> >>> 2017/08/01 19:00:54 ossec-remoted(1103): ERROR: Unable to open file > >> >>> '/queue/rids > >> >>> /004'. > >> >>> 2017/08/01 19:00:59 ossec-analysisd(1210): ERROR: Queue > >> >>> '/queue/alerts/ar' not a > >> >>> ccessible: 'Connection refused'. > >> >>> 2017/08/01 19:00:59 ossec-analysisd(1301): ERROR: Unable to connect > to > >> >>> active re > >> >>> sponse queue. > >> >>> 2017/08/01 19:04:31 ossec-remoted(1103): ERROR: Unable to open file > >> >>> '/queue/rids > >> >>> /999'. > >> >>> 2017/08/01 19:04:36 ossec-analysisd(1210): ERROR: Queue > >> >>> '/queue/alerts/ar' not a > >> >>> ccessible: 'Connection refused'. > >> >>> 2017/08/01 19:04:36 ossec-analysisd(1301): ERROR: Unable to connect > to > >> >>> active re > >> >>> sponse queue. > >> >>> 2017/08/01 19:10:01 ossec-remoted(1403): ERROR: Incorrectly > formated > >> >>> message fro > >> >>> m '172.27.1.122'. > >> >>> 2017/08/01 19:10:07 ossec-remoted(1403): ERROR: Incorrectly > formated > >> >>> message fro > >> >>> m '172.27.1.122'. > >> >>> 2017/08/01 19:10:11 ossec-remoted(1403): ERROR: Incorrectly > formated > >> >>> message fro > >> >>> m '172.27.1.122'. > >> >>> 2017/08/01 19:10:16 ossec-remoted(1403): ERROR: Incorrectly > formated > >> >>> message fro > >> >>> m '172.27.1.122'. > >> >>> 2017/08/01 19:10:22 ossec-remoted(1403): ERROR: Incorrectly > formated > >> >>> message fro > >> >>> m '172.27.1.122'. > >> >>> 2017/08/01 20:13:06 ossec-remoted(1407): ERROR: Duplicated counter > for > >> >>> 'posmexng > >> >>> s'. > >> >>> 2017/08/01 20:13:12 ossec-remoted(1407): ERROR: Duplicated counter > for > >> >>> 'posmexng > >> >>> s'. > >> >>> 2017/08/01 20:13:16 ossec-remoted(1407): ERROR: Duplicated counter > for > >> >>> 'posmexng > >> >>> s'. > >> >>> 2017/08/01 20:13:21 ossec-remoted(1407): ERROR: Duplicated counter > for > >> >>> 'posmexng > >> >>> s'. > >> >>> 2017/08/01 20:13:27 ossec-remoted(1407): ERROR: Duplicated counter > for > >> >>> 'posmexng > >> >>> s'. > >> >>> 2017/08/01 21:47:54 ossec-remoted(1403): ERROR: Incorrectly > formated > >> >>> message fro > >> >>> m '172.27.1.122'. > >> >>> 2017/08/01 21:48:00 ossec-remoted(1403): ERROR: Incorrectly > formated > >> >>> message fro > >> >>> m '172.27.1.122'. > >> >>> 2017/08/01 21:48:04 ossec-remoted(1403): ERROR: Incorrectly > formated > >> >>> message fro > >> >>> m '172.27.1.122'. > >> >>> 2017/08/01 21:48:09 ossec-remoted(1403): ERROR: Incorrectly > formated > >> >>> message fro > >> >>> m '172.27.1.122'. > >> >>> 2017/08/01 21:48:15 ossec-remoted(1403): ERROR: Incorrectly > formated > >> >>> message fro > >> >>> m '172.27.1.122'. > >> >>> 2017/08/01 22:19:11 ossec-remoted(1407): ERROR: Duplicated counter > for > >> >>> 'posmexng > >> >>> s'. > >> >>> 2017/08/01 22:19:17 ossec-remoted(1407): ERROR: Duplicated counter > for > >> >>> 'posmexng > >> >>> s'. > >> >>> 2017/08/01 22:19:21 ossec-remoted(1407): ERROR: Duplicated counter > for > >> >>> 'posmexng > >> >>> s'. > >> >>> 2017/08/01 22:19:26 ossec-remoted(1407): ERROR: Duplicated counter > for > >> >>> 'posmexng > >> >>> s'. > >> >>> 2017/08/01 22:19:32 ossec-remoted(1407): ERROR: Duplicated counter > for > >> >>> 'posmexng > >> >>> s'. > >> >>> 2017/08/02 00:25:34 ossec-remoted(1407): ERROR: Duplicated counter > for > >> >>> 'posmexng > >> >>> s'. > >> >>> 2017/08/02 00:25:40 ossec-remoted(1407): ERROR: Duplicated counter > for > >> >>> 'posmexng > >> >>> s'. > >> >>> 2017/08/02 00:25:44 ossec-remoted(1407): ERROR: Duplicated counter > for > >> >>> 'posmexng > >> >>> s'. > >> >>> 2017/08/02 00:25:49 ossec-remoted(1407): ERROR: Duplicated counter > for > >> >>> 'posmexng > >> >>> s'. > >> >>> 2017/08/02 00:25:55 ossec-remoted(1407): ERROR: Duplicated counter > for > >> >>> 'posmexng > >> >>> s'. > >> >>> 2017/08/02 00:26:05 ossec-remoted(1403): ERROR: Incorrectly > formated > >> >>> message fro > >> >>> m '172.27.1.122'. > >> >>> 2017/08/02 00:26:11 ossec-remoted(1403): ERROR: Incorrectly > formated > >> >>> message fro > >> >>> m '172.27.1.122'. > >> >>> 2017/08/02 00:26:15 ossec-remoted(1403): ERROR: Incorrectly > formated > >> >>> message fro > >> >>> m '172.27.1.122'. > >> >>> 2017/08/02 00:26:20 ossec-remoted(1403): ERROR: Incorrectly > formated > >> >>> message fro > >> >>> m '172.27.1.122'. > >> >>> 2017/08/02 00:26:26 ossec-remoted(1403): ERROR: Incorrectly > formated > >> >>> message fro > >> >>> m '172.27.1.122'. > >> >>> 2017/08/02 02:32:15 ossec-remoted(1407): ERROR: Duplicated counter > for > >> >>> 'posmexng > >> >>> s'. > >> >>> 2017/08/02 02:32:21 ossec-remoted(1407): ERROR: Duplicated counter > for > >> >>> 'posmexng > >> >>> s'. > >> >>> 2017/08/02 02:32:25 ossec-remoted(1407): ERROR: Duplicated counter > for > >> >>> 'posmexng > >> >>> s'. > >> >>> 2017/08/02 02:32:30 ossec-remoted(1407): ERROR: Duplicated counter > for > >> >>> 'posmexng > >> >>> s'. > >> >>> 2017/08/02 02:32:36 ossec-remoted(1407): ERROR: Duplicated counter > for > >> >>> 'posmexng > >> >>> s'. > >> >>> 2017/08/02 03:04:34 ossec-remoted(1403): ERROR: Incorrectly > formated > >> >>> message fro > >> >>> m '172.27.1.122'. > >> >>> 2017/08/02 03:04:40 ossec-remoted(1403): ERROR: Incorrectly > formated > >> >>> message fro > >> >>> m '172.27.1.122'. > >> >>> 2017/08/02 03:04:44 ossec-remoted(1403): ERROR: Incorrectly > formated > >> >>> message fro > >> >>> m '172.27.1.122'. > >> >>> 2017/08/02 03:04:49 ossec-remoted(1403): ERROR: Incorrectly > formated > >> >>> message fro > >> >>> m '172.27.1.122'. > >> >>> 2017/08/02 03:04:55 ossec-remoted(1403): ERROR: Incorrectly > formated > >> >>> message fro > >> >>> m '172.27.1.122'. > >> >>> 2017/08/02 04:39:14 ossec-remoted(1407): ERROR: Duplicated counter > for > >> >>> 'posmexng > >> >>> s'. > >> >>> 2017/08/02 04:39:20 ossec-remoted(1407): ERROR: Duplicated counter > for > >> >>> 'posmexng > >> >>> s'. > >> >>> 2017/08/02 04:39:24 ossec-remoted(1407): ERROR: Duplicated counter > for > >> >>> 'posmexng > >> >>> s'. > >> >>> 2017/08/02 04:39:29 ossec-remoted(1407): ERROR: Duplicated counter > for > >> >>> 'posmexng > >> >>> s'. > >> >>> 2017/08/02 04:39:35 ossec-remoted(1407): ERROR: Duplicated counter > for > >> >>> 'posmexng > >> >>> s'. > >> >>> 2017/08/02 05:43:21 ossec-remoted(1403): ERROR: Incorrectly > formated > >> >>> message fro > >> >>> m '172.27.1.122'. > >> >>> 2017/08/02 05:43:27 ossec-remoted(1403): ERROR: Incorrectly > formated > >> >>> message fro > >> >>> m '172.27.1.122'. > >> >>> 2017/08/02 05:43:31 ossec-remoted(1403): ERROR: Incorrectly > formated > >> >>> message fro > >> >>> m '172.27.1.122'. > >> >>> 2017/08/02 05:43:36 ossec-remoted(1403): ERROR: Incorrectly > formated > >> >>> message fro > >> >>> m '172.27.1.122'. > >> >>> 2017/08/02 05:43:42 ossec-remoted(1403): ERROR: Incorrectly > formated > >> >>> message fro > >> >>> m '172.27.1.122'. > >> >>> 2017/08/02 06:46:31 ossec-remoted(1407): ERROR: Duplicated counter > for > >> >>> 'posmexng > >> >>> s'. > >> >>> 2017/08/02 06:46:37 ossec-remoted(1407): ERROR: Duplicated counter > for > >> >>> 'posmexng > >> >>> s'. > >> >>> 2017/08/02 06:46:41 ossec-remoted(1407): ERROR: Duplicated counter > for > >> >>> 'posmexng > >> >>> s'. > >> >>> 2017/08/02 06:46:46 ossec-remoted(1407): ERROR: Duplicated counter > for > >> >>> 'posmexng > >> >>> s'. > >> >>> 2017/08/02 06:46:52 ossec-remoted(1407): ERROR: Duplicated counter > for > >> >>> 'posmexng > >> >>> s'. > >> >>> 2017/08/02 08:22:26 ossec-remoted(1403): ERROR: Incorrectly > formated > >> >>> message fro > >> >>> m '172.27.1.122'. > >> >>> 2017/08/02 08:22:32 ossec-remoted(1403): ERROR: Incorrectly > formated > >> >>> message fro > >> >>> m '172.27.1.122'. > >> >>> 2017/08/02 08:22:36 ossec-remoted(1403): ERROR: Incorrectly > formated > >> >>> message fro > >> >>> m '172.27.1.122'. > >> >>> 2017/08/02 08:22:41 ossec-remoted(1403): ERROR: Incorrectly > formated > >> >>> message fro > >> >>> m '172.27.1.122'. > >> >>> 2017/08/02 08:22:47 ossec-remoted(1403): ERROR: Incorrectly > formated > >> >>> message fro > >> >>> m '172.27.1.122'. > >> >>> 2017/08/02 08:54:06 ossec-remoted(1407): ERROR: Duplicated counter > for > >> >>> 'posmexng > >> >>> s'. > >> >>> 2017/08/02 08:54:12 ossec-remoted(1407): ERROR: Duplicated counter > for > >> >>> 'posmexng > >> >>> s'. > >> >>> 2017/08/02 08:54:16 ossec-remoted(1407): ERROR: Duplicated counter > for > >> >>> 'posmexng > >> >>> s'. > >> >>> 2017/08/02 08:54:21 ossec-remoted(1407): ERROR: Duplicated counter > for > >> >>> 'posmexng > >> >>> s'. > >> >>> 2017/08/02 08:54:27 ossec-remoted(1407): ERROR: Duplicated counter > for > >> >>> 'posmexng > >> >>> s'. > >> >>> 2017/08/02 11:01:49 ossec-remoted(1403): ERROR: Incorrectly > formated > >> >>> message fro > >> >> > >> >> -- > >> >> > >> >> --- > >> >> You received this message because you are subscribed to the Google > >> >> Groups > >> >> "ossec-list" group. > >> >> To unsubscribe from this group and stop receiving emails from it, > send > >> >> an > >> >> email to ossec-list+...@googlegroups.com. > >> >> For more options, visit https://groups.google.com/d/optout. > >> > > >> > -- > >> > > >> > --- > >> > You received this message because you are subscribed to the Google > >> > Groups > >> > "ossec-list" group. > >> > To unsubscribe from this group and stop receiving emails from it, > send > >> > an > >> > email to ossec-list+...@googlegroups.com. > >> > For more options, visit https://groups.google.com/d/optout. > > > > -- > > > > --- > > You received this message because you are subscribed to the Google > Groups > > "ossec-list" group. > > To unsubscribe from this group and stop receiving emails from it, send > an > > email to ossec-list+...@googlegroups.com <javascript:>. > > For more options, visit https://groups.google.com/d/optout. > -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
