Re: [ossec-list] Agents Disconnected

2017-08-04 Thread dan (ddp)
On Fri, Aug 4, 2017 at 11:59 AM, Carlos Islas wrote: > Hi! > > The manager hasn't agent. The alerts came from the other host. > > root@vknxsegfim:/var/ossec/bin# ./agent_control -lc > > OSSEC HIDS agent_control. List of available agents: >ID: 000, Name: vknxsegfim

Re: [ossec-list] OSSEC create a decoder (31101)

2017-08-04 Thread dan (ddp)
On Fri, Aug 4, 2017 at 2:57 AM, Fredrik Hilmersson wrote: > Hello, > > I would like some help and pointers to create a decoder. So I ran the line > from the access log (see below). What I would like to accomplish is to > match: python-requests/2.2.1 However as you

Re: [ossec-list] Agents Disconnected

2017-08-04 Thread Carlos Islas
Hi! The manager hasn't agent. The alerts came from the other host. root@vknxsegfim:/var/ossec/bin# ./agent_control -lc OSSEC HIDS agent_control. List of available agents: ID: 000, Name: vknxsegfim (server), IP: 127.0.0.1, Active/Local but I don't know why all the hosts appear disconnected

[ossec-list] OSSEC create a decoder (31101)

2017-08-04 Thread Fredrik Hilmersson
Hello, I would like some help and pointers to create a decoder. So I ran the line from the access log (see below). What I would like to accomplish is to match: python-requests/2.2.1 However as you can see at the moment the default decoder for rule 31101, does only store the srcip, url and id

Re: [ossec-list] Agents Disconnected

2017-08-04 Thread Jose Luis Ruiz
Hi Carlos, The manager has his own agent, probably the alerts are from the manager itself. Regards --- Jose Luis Ruiz Wazuh Inc. j...@wazuh.com On August 3, 2017 at 7:57:59 PM, Carlos Islas (sparks.10008...@gmail.com) wrote: In addition the host send alerts to my email

Re: [ossec-list] Agents Disconnected

2017-08-04 Thread Jose Luis Ruiz
Hi Carlos, Looking at your logs, it seems like you have a problem with duplicated counters. I think you have two options to fix this error: 1.- You can edit the file /var/ossec/etc/internal-options.conf check the value *remoted.verify_msg_id* and set to 0 in both sides, manager and agents and restart