----- "--[ UxBoD ]--" <[email protected]> wrote: | ----- "Chris Peychal" <[email protected]> wrote: | | | I'm having a similar problem, but I'm still on version 2.2. About | 48 | | hours ago I started getting many agent disconnect notices from the | | server. Multiple disconnect notices about the same agent in some | | cases. | | However, when I check the server those agents are still listed as | | being | | connected. | | | | -ChrisP | | | | -----Original Message----- | | From: [email protected] | | [mailto:[email protected]] | | On Behalf Of David Alanis | | Sent: Friday, December 18, 2009 8:09 AM | | To: [email protected] | | Subject: Re: [ossec-list] OSSEC 2.3: All agents disconnected | | | | Quoting "--[ UxBoD ]--" <[email protected]>: | | | | > Hi, | | > | | > Successfully upgraded to V2.3 yesterday and all appeared well .. | | | > Though this morning I got a stream of alerts that all the agents | had | | | | > disconnected. Logged onto the manager and ran agent_control -l | and | | | | > indeed they were all disconnected. I checked the manager log | file | | | | > and nothing spurious; neither on any of the agents. | | > | | > What would cause this ? I checked the local_rules and they all | | | > appeared fine aswell. | | > | | > Best Regards, | | > | | > | | | | This also happens within my setup if I happen to restart the ossec | | | server all the agents appear as disconnected. Restarting every agent | | | | | is the only way to bring them back up on the server. | | | | I am interested to find out what could be causing this? | | | | Cheers, | | SDA | | | | Do any of you happen to be running a security scanner against your | systems eg. OpenVAS ? I have made a change to the system so will see | tomorrow if the suspicion is correct. | | Best Regards,
Well it appears to not be port scanning which brings down the connections :( All agents disconnected again today at exactly the same time as yesterday. I have checked the crontabs on the server and nothing appears to be running at that time. I started all daemons up with -d -d but no debugging information, regarding the disconnections, appeared in the log. How can I enable further debugging to ascertain why this is happening please ???? Thanks,
