Folks I'm sure I've posted something about this in the past, but couldn't find it so I'll go again.
We are continually have to restart the OSSEC Service on server as all agents are going offline. The only errors appearing the logs are: 2011/09/06 12:03:29 ossec-remoted(1501): ERROR: No IP or network allowed in the access list for syslog. No reason for running it. Exiting. 2011/09/07 03:00:02 ossec-remoted(1501): ERROR: No IP or network allowed in the access list for syslog. No reason for running it. Exiting. 2011/09/07 03:00:02 ossec-remoted(1206): ERROR: Unable to Bind port '1514' 2011/09/07 03:08:41 ossec-rootcheck(1224): ERROR: Error sending message to queue. 2011/09/07 08:53:38 ossec-remoted(1501): ERROR: No IP or network allowed in the access list for syslog. No reason for running it. Exiting. Can anyone shed some light on: 1 - How to monitor this? I have raised the Agent offline alert to a higher level, but I would like some automated monitoring of this state. 2 - Whether anyone has any idea of how to troubleshoot this issue? I'm running v2.6 on the server. I've increased Max agents to 2048 as I have about 260 agents. Thanks Pip
