----- "--[ UxBoD ]--" <[email protected]> wrote:
| ----- "Michael Starks" <[email protected]> wrote:
| |
| | > Well it appears to not be port scanning which brings down the connections :(
| | >
| | > All agents disconnected again today at exactly the same time as yesterday. I have checked the crontabs on the server and nothing appears to be running at that time.
| | >
| | > I started all daemons up with -d -d but no debugging information, regarding the disconnections, appeared in the log.
| | >
| | > How can I enable further debugging to ascertain why this is happening please ????
| |
| | If it happened at the same time, maybe it has something to do with a syscheck or rootcheck scan.
|
| Perhaps; though why would it not be picked up in the debugging ?
|
| Best Regards,

Well it happened again this morning, at exactly the same time, though this time I had tcpdump running. It would appear that at the time they all disconnected, a Windows 2K3 server connected from port 1275 to the OSSEC manager. At that point all the agents disconnected. Thoughts ?
