Hello,
since I've updated my ossec-server to Version 2.7 the Database-Logging has
two problems which i think i fixed in my local version.
The first problem is that the last two signs of each message are cut of,
which is fixed simply by editing two lines in src/os_dbd/alert.c
the len+2 counting
Hello everyone,
One of our servers has been having issues recently ( sudden OS lockups) and
I noticed a bunch of kernel errors regarding failed actions reported by
mptscsih and mptbase. These weren't caught by OSSEC so I decided to create
a decoder and rules to catch any future events.
I'm
Well - it happened - I lost a server (hardware raid failure and corrupted
drives).
So here is the question - all the agents have keys, but I lost the other
end - is there ANY way to rebuild a server from this sort of thing and
recover?
I can't think of anything, since it is all built around
Yes, just get the client.keys from all the agents and make a single
client.keys file on the
server with all of them.
The issue is the remote message ids, that you will need to clear on
each agent (delete the rids directory)
or the agents will not accept the messages from the manager.
thanks,
--
