On Wed, Mar 21, 2012 at 3:39 PM, MDACC-Luckie <[email protected]> wrote:
> We have had a very successful deployment of OSSEC so I got really gung-ho
> and decided to add the final handful of servers and generate keys
> for them. I generated keys for about 60 extra servers consecutively.
> Since that happened and I restarted the OSSEC processes, ossec-remoted
> is dying. In my digging around, I noticed the following:
>
> - When I "(L)ist already added agents" using manage_agents, my full
> list of devices I generated keys for appears
>
> BUT
>
> - When I do a ./agent_control -l, only the OSSEC server using ID: 000
> is listed and no others.
>
> As well, when I look in my ossec.log file, I see entries for
> ossec-remoted starting but never any other info about issues. Is there some
> enhanced logging that I can turn on to see why it is failing? Or any
> suggestions for troubleshooting this issue?
>
> Thanks
> Luckie

You can run it in debug mode (`/var/ossec/bin/ossec-control enable debug && /var/ossec/bin/ossec-control restart`).

You can run remoted under gdb.

    gdb /var/ossec/bin/ossec-remoted
    set follow-fork-mode child
    run

How many agents is the system configured to handle?
