On Tue, Feb 14, 2012 at 11:54 AM, Swartz, Patrick H <[email protected]> wrote: > Hi Dan, > Yes we use the -D option. I have reason to believe that we are hitting a > hard-coded limit of 4000 in the addagent/validate.c file. Our current > client.keys file is at ID 4043 for the latest entry. > > I'm not sure if simply modifying that amount and recompiling would be enough > or are there other lines/files that need to be changed? >
I have no idea, I don't work with agents on that scale. > > Patrick Swartz > > > -----Original Message----- > From: [email protected] [mailto:[email protected]] On > Behalf Of dan (ddp) > Sent: Tuesday, February 14, 2012 9:18 AM > To: [email protected] > Subject: Re: [ossec-list] agent-auth not working - internal error > > How are you running ossec-authd? Do you need the "-D /opt/ossec" flag > for agent-auth? Is there already an n1dpmmgr2 agent? Maybe check > permissions on the client.keys file. > > On Fri, Feb 10, 2012 at 11:32 AM, Swartz, Patrick H > <[email protected]> wrote: >> >> Hi All >> I ran across an issue last night that I can't find an answer for. In our >> environment we have 2 machines setup as Ossec servers (due to >> geographic/firewall rules), one of them responds fine when a client sends >> the key request using 'agent-auth -m 10.10.10.1 -D /opt/ossec", however, for >> clients trying to connect to the other we get an "(internal error)". >> For example: >> Log from the client -> >> INFO: Using agent name as: n1dpmmgr2 >> INFO: Send request to manager. Waiting for reply. >> ERROR: Internal manager error adding agent: n1dpmmgr2 (from manager) >> ERROR: Unable to add agent. (from manager) >> INFO: Connection closed. >> >> Corresponding log from the server (all that it is...): >> 2012/02/10 03:21:55 ossec-authd: ERROR: Unable to add agent: >> n1dpmmgr2 (internal error) >> >> We have tried, stopping/starting the Ossec server, stopping starting >> ossec-authd, even recompiled, but none helped. >> >> One note of interest, for each time a client connects and requests a key, a >> "[ossec-authd] <defunct>" process would show up in a process listing. >> >> Any and all help would be greatly appreciated! >> >> Patrick Swartz >> >> >> >> >> ----------------------------------------- >> The information in this message may be proprietary and/or >> confidential, and protected from disclosure. If the reader of this >> message is not the intended recipient, or an employee or agent >> responsible for delivering this message to the intended recipient, >> you are hereby notified that any dissemination, distribution or >> copying of this communication is strictly prohibited. If you have >> received this communication in error, please notify First Data >> immediately by replying to this message and deleting it from your >> computer.
