Hi,
quite so, TCP is supported on Wazuh manager and agents, version 1.1 and
above.
If you are experiencing this issue, you may activate the archives on the
manager, with this line at ossec.conf:
*yes*
Restart your agent and look out the file
On Tue, Dec 13, 2016 at 9:11 AM, Chris Decker wrote:
> Victor,
>
> I'm at the point where my agents all have valid keys, so I'm unsure as to
> why I have ~ 750 clients and only ~225 are reported as "active" at any one
> time (all of the machines are alive and well, and
Victor,
Thanks.
What I was doing was *rm*ing everything in /var/ossec except for queue and
logs. Then I was installing the newly-compiled code. When the installer
asked if I wanted to update, I answered "yes", which apparently defaults
the installation to a local installation (I'm not sure
Hi Chris,
since you compiled the project with "TARGET=server", maybe you chose
"local" when installed it. A local installation is a profile like a server
but without Remoted, that's why that daemon doesn't start with "ossec-control
start".
The line at ossec-init.conf has only informational
Victor,
ossec-init.conf is showing the the installation is a *local* installation.
However, I know that I performed a server installation per my notes and
bash history…
make clean
make TARGET=server
Obviously I could change this value back to 'server', but will this fix the
issue?
Hi Chris,
as you guessed, there is one *remoted* process for each
configuration. Although it's strange that "ossec-control stop" does stop
the *remoted *processes but "ossec-control start" doesn't run them.
How did you install Wazuh? Please make sure that the file "
On Fri, 12/9/16, marquitarickman via ossec-list <ossec-list@googlegroups.com>
wrote:
Subject: Re: [ossec-list] remoted Dropping Events
To: ossec-list@googlegroups.com
Date: Friday, December 9, 2016, 9
On Fri, 12/9/16, stephanmabe via ossec-list <ossec-list@googlegroups.com> wrote:
Subject: Re: [ossec-list] remoted Dropping Events
To: ossec-list@googlegroups.com
Date: Friday, December 9, 2016, 9
On Fri, 12/9/16, stephanmabe via ossec-list <ossec-list@googlegroups.com> wrote:
Subject: Re: [ossec-list] remoted Dropping Events
To: ossec-list@googlegroups.com
Date: Friday, December 9, 2016, 9
On Fri, 12/9/16, Chris Decker <ch...@chris-decker.com> wrote:
Subject: Re: [ossec-list] remoted Dropping Events
To: "ossec-list" <ossec-list@googlegroups.com>
Date: Friday, December 9, 2016, 6:24 PM
Dan,
Thanks for
Dan,
Thanks for your help.
Is ossec-remoted listed in the DAEMONS variable in the script?
>
It was *not*, but I added it after noticing it wasn't in there. If I tell
ossec-control to stop, remoted stops as expected:
[root@logger01 limits.d]# /var/ossec/bin/ossec-control stop
Killing
On Dec 9, 2016 9:17 AM, "Chris Decker" wrote:
Victor,
On Friday, December 9, 2016 at 6:42:27 AM UTC-5, Victor Fernandez wrote:
>
> Hi,
>
> Agents should send a keepalive each 10 minutes (600 seconds) by default,
> and this should be enough. But you can go down that time
Victor,
On Friday, December 9, 2016 at 6:42:27 AM UTC-5, Victor Fernandez wrote:
>
> Hi,
>
> Agents should send a keepalive each 10 minutes (600 seconds) by default,
> and this should be enough. But you can go down that time at the agent's
> ossec.conf:
>
>
>
>
> 1.2.3.4
> *60*
Hi,
Agents should send a keepalive each 10 minutes (600 seconds) by default,
and this should be enough. But you can go down that time at the agent's
ossec.conf:
1.2.3.4
*60*
If you see any agent disconnected, check its ossec.log file.
On the other hand, as Dan says,
On Dec 8, 2016 4:41 PM, "Chris Decker" wrote:
All,
I have an OSSEC instance (running the latest/greatest Wuzuh code cloned
from GitHub) that has about 1k active hosts. I've noticed recently that
hosts are flipping back and forth between *Active* and *Disconnected*.
All,
I have an OSSEC instance (running the latest/greatest Wuzuh code cloned
from GitHub) that has about 1k active hosts. I've noticed recently that
hosts are flipping back and forth between *Active* and *Disconnected*.
I've also noticed that not all of the log messages from "*Active" *hosts
16 matches
Mail list logo