Hi;

My ossec environment, currently, consists of only one ossec server. That'll expand reasonably soon; however, at the moment, just got the one server. Since I only had the one server, when I started, I did not run the manage_agents command. After some changes to the ossec config file, I ran the "agent_control -r -a" to run an immediate syscheck and got the error:

2012/08/23 11:01:00 agent_control(1210): ERROR: Queue '/queue/alerts/ar' not accessible: 'Connection refused'.
2012/08/23 11:01:00 agent_control(1301): ERROR: Unable to connect to active response qu

Do I have to add an agent for the server? I tried that; however, when I run the agent_control command above, while I'm not getting the error, I'm not getting the alerts that I should be after running an immediate syscheck.

Thanks for any hints/tips/suggestions.

Doug O'Leary
