Hi! For me ./agent_control -R 000 do not work:
2010/02/24 09:55:26 agent_control(1210): ERROR: Queue '/queue/alerts/ ar' not accessible: 'Queue not found'. 2010/02/24 09:55:41 agent_control(1301): ERROR: Unable to connect to active response queue. ** Unable to connect to remoted. ./agent_control -L OSSEC HIDS agent_control. Available active responses: ??? On 19 Feb., 15:56, "dan (ddp)" <[email protected]> wrote: > Look for something like the following in the agent's ossec.conf: > > <active-response> > <disabled>no</disabled> > </active-response> > > Although, I just tried agent_control -r -u <agent_id> and it didn't > seem to work > for me. agent_control -R <agent_id> restarted the process and kicked off > a syscheck scan just fine though. > > On Fri, Feb 19, 2010 at 8:48 AM, Mike Sievers > > <[email protected]> wrote: > > Hi! > > > There are no error in my log file > > How can I check if active response is running? > > Maybe agent_control is not the statement I am looking for > > All I want is: > > patch the server > > acknowledge the changes immediately > > receiving the alert fast
