----- "--[ UxBoD ]--" <[email protected]> wrote:
| ----- "--[ UxBoD ]--" <[email protected]> wrote:
| |
| | ----- "Michael Starks" <[email protected]> wrote:
| | |
| | | > Well it appears to not be port scanning which brings down the connections :(
| | | >
| | | > All agents disconnected again today at exactly the same time as yesterday. I have checked the crontabs on the server and nothing appears to be running at that time.
| | | >
| | | > I started all daemons up with -d -d but no debugging information, regarding the disconnections, appeared in the log.
| | | >
| | | > How can I enable further debugging to ascertain why this is happening please ????
| | |
| | | If it happened at the same time, maybe it has something to do with a syscheck or rootcheck scan.
| |
| | Perhaps; though why would it not be picked up in the debugging ?
| |
| | Best Regards,
|
| Well it happened again this morning, at exactly the same time, though this time I had tcpdump running. It would appear at the time they all disconnected a Windows 2K3 server from port 1275 connected to the OSSEC manager. At that point all the agents disconnected.
|
| Thoughts ?

The problem has been resolved :) It was due to the vserver hashify functionality. Have added /usr/local/ossec to the exclude file and all agents stay connected now. Very confused as to why that happens though, as no other vservers have ossec installed.

Thanks,
