I know this thread is over a year silent now. I have discovered the same error message, also on an agent and also with centralized configuration. The messages only show up on my Solaris agent. I have configured to automatically restart OSSEC if the agent.conf changes. Since the manager is running on CentOS and notified in realtime, that the agent.conf changed, I get an immediate restart of OSSEC on the manger. The new agent.conf will be pushed then directly to the clients, what causes the other CentOS with realtime monitoring to restart OSSEC. Since on Solaris the realtime monitoring is not working, I need two syscheck cycles to ralize there is a new agent.conf file and OSSEC restarts. The messages occur in the period between the managers restart and the Solaris agent restart on the Solaris agent. They will disappear after a successful restart of the Solaris agent. This is what I have seen in my environment, I have no idea if that is the correct behavior of OSSEC in that case or not. I have also not checked if I can force the agent to restart if he receives this Messages.
Am Freitag, 4. März 2011 20:39:39 UTC+1 schrieb dan (ddpbsd): > > 've never seen that error message. Are there any corresponding > messages on the manager side? > If they pop up again, you could try turning debug on for agentd. > > On Thu, Mar 3, 2011 at 6:03 PM, Satish Patel wrote: > > These messages on agent side and they came when I did centralized config. > > > > It came for few mins and then go away. I thought may be you guys know > what > > happen. > > > > -- > > Sent from my iPhone > > > > On Mar 3, 2011, at 5:32 PM, "dan (ddp)" wrote: > > > >> I've never seen that error message. Are there any corresponding > >> messages on the manager side? > >> > >> On Thu, Mar 3, 2011 at 4:17 PM, satish patel wrote: > >>> > >>> What is this thing ? where it comes from ? > >>> > >>> 2011/03/03 11:42:11 ossec-logcollector: INFO: Started (pid: 6681). > >>> 2011/03/03 12:45:13 ossec-execd: INFO: Active response command not > >>> present: '/var/ossec/active-response/bin/restart-ossec.cmd'. Not using > >>> it on this system. > >>> 2011/03/03 13:00:11 ossec-agentd: WARN: Unknown message received. No > >>> action defined. > >>> 2011/03/03 13:00:11 ossec-agentd: WARN: Unknown message received. No > >>> action defined. > >>> 2011/03/03 13:00:11 ossec-agentd: WARN: Unknown message received. No > >>> action defined. > >>> 2011/03/03 13:00:11 ossec-agentd: WARN: Unknown message received. No > >>> action defined. > >>> 2011/03/03 13:00:11 ossec-agentd: WARN: Unknown message received. No > >>> action defined. > >>> 2011/03/03 13:00:11 ossec-agentd: WARN: Unknown message received. No > >>> action defined. > >>> 2011/03/03 13:00:11 ossec-agentd: WARN: Unknown message received. No > >>> action defined. > >>> 2011/03/03 13:00:11 ossec-agentd: WARN: Unknown message received. No > >>> action defined. > >>> 2011/03/03 13:00:11 ossec-agentd: WARN: Unknown message received. No > >>> action defined. > >>> 2011/03/03 13:00:11 ossec-agentd: WARN: Unknown message received. No > >>> action defined. > >>> 2011/03/03 13:00:11 ossec-agentd: WARN: Unknown message received. No > >>> action defined. > >>> 2011/03/03 13:00:11 ossec-agentd: WARN: Unknown message received. No > >>> action defined. > >>> 2011/03/03 13:00:11 ossec-agentd: WARN: Unknown message received. No > >>> action defined. > >>> 2011/03/03 13:00:11 ossec-agentd: WARN: Unknown message received. No > >>> action defined. > >>> 2011/03/03 13:00:11 ossec-agentd: WARN: Unknown message received. No > >>> action defined. > >>> 2011/03/03 13:00:11 ossec-agentd: WARN: Unknown message received. No > >>> action defined. > >>> 2011/03/03 13:00:11 ossec-agentd: WARN: Unknown message received. No > >>> action defined. > >>> 2011/03/03 13:00:11 ossec-agentd: WARN: Unknown message received. No > >>> action defined. > >>> 2011/03/03 13:00:11 ossec-agentd: WARN: Unknown message received. No > >>> action defined. > >>> 2011/03/03 13:00:11 ossec-agentd: WARN: Unknown message received. No > >>> action defined. > >>> 2011/03/03 13:00:12 ossec-agentd: WARN: Unknown message received. No > >>> action defined. > >>> 2011/03/03 13:00:12 ossec-agentd: WARN: Unknown message received. No > >>> action defined. > >>> 2011/03/03 13:00:12 ossec-agentd: WARN: Unknown message received. No > >>> action defined. > >>> 2011/03/03 13:00:12 ossec-agentd: WARN: Unknown message received. No > >>> action defined. > >>> > > >
