I agree, there's enough flaky behavior to warrant some closer scrutiny of server/agent communications. I've been trying to obtain some information on the details of the protocol so I can review it (see http://groups.google.com/group/ossec-list/browse_thread/thread/3a8aee9fffd942e1/c36bde94b28b4fa2 ) but not having any luck. Any body know of any technical docs in this area?
- [ossec-list] Do OSSEC agents cache events when offline? Stefano Pedretti
- [ossec-list] Re: Do OSSEC agents cache events when o... roger
- Re: [ossec-list] Re: Do OSSEC agents cache event... Daniel Cid
- RE: [ossec-list] Re: Do OSSEC agents cache event... Chris Kolb
- [ossec-list] Re: Do OSSEC agents cache event... Stefano Pedretti
- [ossec-list] Re: Do OSSEC agents cache e... Dave S
- [ossec-list] Re: Do OSSEC agents ca... Stefano Pedretti
- [ossec-list] Re: Do OSSEC agent... Dave S
- [ossec-list] Re: Do OSSEC a... Stefano Pedretti
- RE: [ossec-list] Re: Do OSSEC a... Chris Kolb
- [ossec-list] Re: Do OSSEC a... Dave S
- [ossec-list] Re: Do OSSEC a... spacekiwi
