Re: [ossec-list] Re: Windows agent doesn't synchronize agent.conf

2017-08-02 Thread dan (ddp)
On Wed, Aug 2, 2017 at 7:19 AM, Stephen Crow wrote: > can this be changed to use TCP instead of UDP? i have the same issue but i > dont think changing the default buffer size is a good idea > Yes, just add tcp support to agentd and remoted. Wazuh may already have this,

Re: [ossec-list] Server maximum thresholds

2017-08-02 Thread dan (ddp)
On Wed, Aug 2, 2017 at 5:21 AM, LGuerra wrote: > Hi guys, > > I think that my server isn't collecting/analyzing all agent messages. A few > days ago I turned off a huge log source and OSSEC started showing a lot more > events from the other sources. My guess is that lots of

Re: [ossec-list] Agents Disconnected

2017-08-02 Thread Jose Luis Ruiz
Hi Carlos, Take a look from the log file /var/ossec/logs/ossec.log, this is the main log file for managers and agents. You can do something like *cat /var/ossec/logs/ossec.log | grep ERROR, *to verify if you have errors in some point. Regards --- Jose Luis Ruiz Wazuh Inc.

Re: [ossec-list] Re: Windows agent doesn't synchronize agent.conf

2017-08-02 Thread Nathan Buuck
This issue has been documented in https://github.com/ossec/ossec-hids/issues/1205 and resolved in PR https://github.com/ossec/ossec-hids/pull/1207. You can fetch the latest from the repo, compile , and distribute on

[ossec-list] Agents Disconnected

2017-08-02 Thread Carlos Islas
Good day, I am having a trouble with OSSEC v2.8.3. I had added more or less 20 hosts and it were reporting correctly in my server but now all the agents appears disconnected. I tried to restart it remotely and local but dont show the Status Active this using the command ./agent_control -lc

Re: [ossec-list] Re: Windows agent doesn't synchronize agent.conf

2017-08-02 Thread Stephen Crow
can this be changed to use TCP instead of UDP? i have the same issue but i dont think changing the default buffer size is a good idea On Monday, 10 July 2017 12:34:48 UTC+1, Victor Fernandez wrote: > > Hi Ricardo, > > in this case it's probable that the Windows agent is dropping UDP packages >

[ossec-list] Server maximum thresholds

2017-08-02 Thread LGuerra
Hi guys, I think that my server isn't collecting/analyzing all agent messages. A few days ago I turned off a huge log source and OSSEC started showing a lot more events from the other sources. My guess is that lots of messages are being lost due to OSSEC inability to correlate them all. Is