Hi Lucio, There is two issues in this thread. One, the agent disconnects and then reconnects by itself. That's fine and can happen on high load environment or when a message gets dropped.
The second issue that Mike mentioned happens when the counters get out of sync and the agent never reconnects. For this problem, you have to either clean the "rids" directory on the manager or disable the counters. To disable it, set verify_msg_id to 0 on the internal_options.conf file: # Verify msg id (set to 0 to disable it) remoted.verify_msg_id=0 Thanks, -- Daniel B. Cid dcid ( at ) ossec.net On Thu, May 13, 2010 at 1:21 PM, Lucio Emanuel Soldo <[email protected]> wrote: > Hi Mike, how are you? Could you post the final solution your team has > produced in order to fix its problem? > > Thanx alot! > > On Tue, May 11, 2010 at 6:56 PM, Pendergrast, Michael L > <[email protected]> wrote: >> >> Yes we have >> >> although we have v1.6 >> >> I don't have the details as my team has worked the problem and is >> currently deployed. >> >> What we did find is that there is a counter in the agent and in the >> manager and if they get out of sequence the agent will stop (basicaqlly they >> get out of sequence). We also found that at startup of the UNIX agents that >> if multiple agents all start at the same time, the agents will stop. In >> this case, for initial startup we had to sequence the startup in about 10 >> min increments. >> >> Mike >> ________________________________ >> From: [email protected] [mailto:[email protected]] On >> Behalf Of Griffith, Robert >> Sent: Tuesday, May 11, 2010 12:26 PM >> To: '[email protected]' >> Subject: [ossec-list] All UNIX/LINUX agents disconnecting >> Importance: High >> >> We have been running the new version of Ossec 2.4 in our environment for >> 3 weeks. Yesterday all of our UNIX/LINUX client agents started >> disconnecting. None of our Windows Server client agents have disconnected. >> Has anyone experienced this and/or found a resolution for this issue. >> >> Thank you, >> Robert >> >
