Hi Dan,

Yes we use the -D option. I have reason to believe that we are hitting a hard-coded limit of 4000 in the addagent/validate.c file. Our current client.keys file is at ID 4043 for the latest entry.

I'm not sure if simply modifying that amount and recompiling would be enough or are there other lines/files that need to be changed?

Patrick Swartz

-----Original Message-----
From: [email protected] [mailto:[email protected]] On Behalf Of dan (ddp)
Sent: Tuesday, February 14, 2012 9:18 AM
To: [email protected]
Subject: Re: [ossec-list] agent-auth not working - internal error

How are you running ossec-authd?
Do you need the "-D /opt/ossec" flag for agent-auth?
Is there already an n1dpmmgr2 agent?
Maybe check permissions on the client.keys file.

On Fri, Feb 10, 2012 at 11:32 AM, Swartz, Patrick H <[email protected]> wrote:
>
> Hi All
> I ran across an issue last night that I can't find an answer for. In our
> environment we have 2 machines set up as Ossec servers (due to
> geographic/firewall rules), one of them responds fine when a client sends the
> key request using 'agent-auth -m 10.10.10.1 -D /opt/ossec', however, for
> clients trying to connect to the other we get an "(internal error)".
> For example:
> Log from the client ->
> INFO: Using agent name as: n1dpmmgr2
> INFO: Send request to manager. Waiting for reply.
> ERROR: Internal manager error adding agent: n1dpmmgr2 (from manager)
> ERROR: Unable to add agent. (from manager)
> INFO: Connection closed.
>
> Corresponding log from the server (all that it is...):
> 2012/02/10 03:21:55 ossec-authd: ERROR: Unable to add agent: n1dpmmgr2 (internal error)
>
> We have tried stopping/starting the Ossec server, stopping/starting
> ossec-authd, even recompiled, but none helped.
>
> One note of interest, for each time a client connects and requests a key, a
> "[ossec-authd] <defunct>" process would show up in a process listing.
>
> Any and all help would be greatly appreciated!
>
> Patrick Swartz
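The two manager-side checks raised in this thread (is the agent name already registered, and has the highest ID in client.keys passed the suspected limit) can be run against a copy of the file. The following is an added example, not part of the original messages or of OSSEC itself; the function name, the sample entries and the assumption that each line reads `<id> <name> <ip> <key>` are illustrative, and the 4000 threshold is the poster's unconfirmed hypothesis.

```python
import re

# Threshold the poster suspects in addagent/validate.c (unconfirmed assumption).
SUSPECTED_LIMIT = 4000

# Constructed sample; assumed layout per line: "<id> <name> <ip> <key>".
SAMPLE_KEYS = """\
001 web01 10.10.10.21 aaaa1111constructed
002 db01 any bbbb2222constructed
4042 n1app07 10.10.20.7 cccc3333constructed
4043 n1app08 10.10.20.8 dddd4444constructed
this line is malformed
"""

LINE_RE = re.compile(r"^(\d+)\s+(\S+)\s+(\S+)\s+(\S+)\s*$")


def audit_client_keys(text, agent_name, limit=SUSPECTED_LIMIT):
    """Summarise a client.keys file for the checks raised in the thread."""
    ids, names, malformed = [], set(), []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue  # ignore blank lines
        match = LINE_RE.match(line)
        if not match:
            malformed.append(lineno)  # a damaged entry is worth a manual look
            continue
        ids.append(int(match.group(1)))
        names.add(match.group(2))
    highest = max(ids, default=0)
    return {
        "entries": len(ids),
        "highest_id": highest,
        "limit_reached": highest >= limit,
        "name_present": agent_name in names,
        "malformed_lines": malformed,
    }


if __name__ == "__main__":
    # On a manager, read the real file instead, e.g. /opt/ossec/etc/client.keys
    # (path assumed from the -D /opt/ossec prefix used in the thread).
    for field, value in audit_client_keys(SAMPLE_KEYS, "n1dpmmgr2").items():
        print(f"{field}: {value}")
```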
