On Wed, Jul 10, 2013 at 2:21 PM, David Blanton
<[email protected]> wrote:
> Is there a way to somehow 'start over' with the client key files? A simple
> rm -rf perhaps and then just make a new one, and then re-add agents?
>

Removing the agents with manage_agents is probably the best way, but
you could rm it. I think there would be some other cleanup you'd have
to do (particularly in the /var/ossec/queue directories).

>
>
> On Wednesday, July 10, 2013 2:18:20 PM UTC-4, dan (ddpbsd) wrote:
>>
>> On Tue, Jul 9, 2013 at 3:35 PM, David Blanton
>> <[email protected]> wrote:
>> > Edit: This is actually appearing to be happening to all servers. A srcip
>> > search in the Web UI will only bring up agent started logs, netstat
>> > change
>> > logs, and that's about it.
>> >
>> > TLDR: Agentd is not appearing in ossec.log server side.
>> >
>> > more /opt/ossec/logs/ossec.log | grep agentd
>> >
>> > nothing...
>> >
>>
>> That's not bad. The server is not generally an agent.
>>
>> Based on the errors (Error reading
>> authentication key) you posted in the original message, I'd say
>> something is wrong with the server's client.keys file.
>>
>> > --
>> >
>> > ---
>> > You received this message because you are subscribed to the Google
>> > Groups
>> > "ossec-list" group.
>> > To unsubscribe from this group and stop receiving emails from it, send
>> > an
>> > email to [email protected].
>> > For more options, visit https://groups.google.com/groups/opt_out.
>> >
>> >
>
> --
>
> ---
> You received this message because you are subscribed to the Google Groups
> "ossec-list" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to [email protected].
> For more options, visit https://groups.google.com/groups/opt_out.
>
>

-- 

--- 
You received this message because you are subscribed to the Google Groups 
"ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to [email protected].
For more options, visit https://groups.google.com/groups/opt_out.


Reply via email to