On Wed, Jul 10, 2013 at 2:21 PM, David Blanton <[email protected]> wrote: > Is there a way to somehow 'start over' with the client key files? A simple > rm -rf perhaps and then just make a new one, and then re-add agents? >
Removing the agents with manage_agents is probably the best way, but you could rm it. I think there would be some other cleanup you'd have to do (particularly in the /var/ossec/queue directories). > > > On Wednesday, July 10, 2013 2:18:20 PM UTC-4, dan (ddpbsd) wrote: >> >> On Tue, Jul 9, 2013 at 3:35 PM, David Blanton >> <[email protected]> wrote: >> > Edit: This is actually appearing to be happening to all servers. A srcip >> > search in the Web UI will only bring up agent started logs, netstat >> > change >> > logs, and that's about it. >> > >> > TLDR: Agentd is not appearing in ossec.log server side. >> > >> > more /opt/ossec/logs/ossec.log | grep agentd >> > >> > nothing... >> > >> >> That's not bad. The server is not generally an agent. >> >> Based on the errors (Error reading >> authentication key) you posted in the original message, I'd say >> something is wrong with the server's client.keys file. >> >> > -- >> > >> > --- >> > You received this message because you are subscribed to the Google >> > Groups >> > "ossec-list" group. >> > To unsubscribe from this group and stop receiving emails from it, send >> > an >> > email to [email protected]. >> > For more options, visit https://groups.google.com/groups/opt_out. >> > >> > > > -- > > --- > You received this message because you are subscribed to the Google Groups > "ossec-list" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > For more options, visit https://groups.google.com/groups/opt_out. > > -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/groups/opt_out.
