Re: [ossec-list] Re: Windows agent doesn't synchronize agent.conf

2017-08-03 Thread Victor Fernandez
Hi all, I think that the issue you referred is not the cause of this problem: it will write the merged.mg as a binary file but this shouldn't matter because OSSEC and Wazuh performs the shared file (merged.mg) MD5 as a text file, so the hash should match. As I said before IMHO the issue

Re: [ossec-list] Re: Windows agent doesn't synchronize agent.conf

2017-08-02 Thread dan (ddp)
On Wed, Aug 2, 2017 at 7:19 AM, Stephen Crow wrote: > can this be changed to use TCP instead of UDP? i have the same issue but i > dont think changing the default buffer size is a good idea > Yes, just add tcp support to agentd and remoted. Wazuh may already have this,

Re: [ossec-list] Re: Windows agent doesn't synchronize agent.conf

2017-08-02 Thread Nathan Buuck
This issue has been documented in https://github.com/ossec/ossec-hids/issues/1205 and resolved in PR https://github.com/ossec/ossec-hids/pull/1207. You can fetch the latest from the repo, compile , and distribute on

Re: [ossec-list] Re: Windows agent doesn't synchronize agent.conf

2017-08-02 Thread Stephen Crow
can this be changed to use TCP instead of UDP? i have the same issue but i dont think changing the default buffer size is a good idea On Monday, 10 July 2017 12:34:48 UTC+1, Victor Fernandez wrote: > > Hi Ricardo, > > in this case it's probable that the Windows agent is dropping UDP packages >

Re: [ossec-list] Re: Windows agent doesn't synchronize agent.conf

2017-07-10 Thread Victor Fernandez
Hi Ricardo, in this case it's probable that the Windows agent is dropping UDP packages from the manager due to overflow. The default UDP buffer size in Linux is 212992 (208 KiB) but I think that in Windows it is only 8 KiB. OSSEC resizes the buffer to 6 KiB (the maximum message length) when the

Re: [ossec-list] Re: Windows agent doesn't synchronize agent.conf

2017-07-07 Thread Ricardo Galossi
Hi Victor, Thanks for your reply. I did everything you told me, but the error persist. I continuous receiving many logs as below: ossec-agentd: Failed md5 for: shared/merged.mg -- deleting. A new thing that I realized is that the file ar.conf is not present in windows agent installation

Re: [ossec-list] Re: Windows agent doesn't synchronize agent.conf

2017-07-03 Thread Victor Fernandez
Hi, it is strange that the log indicates line 147 when it was not able to read it. Maybe the agent.conf file is not arriving to the agent or it is being discarded due to a checksum error. First, please remove file *merged.mg * from folder *shared* in the agent and the manager.