I've already tried using manage_agents. I did not remove all of them though. I think I will opt for the rm -rf option.
Oh, also, do you know that the permissions are suppose to be set for .agent_info within the ossec/queue dir? For RHEL5 I have it as root::ossec, however for Solaris 10 to work, I had to set it to root::root. Considering that all agents are having this problem, I am not sure if this will do anything though. On Wednesday, July 10, 2013 2:24:28 PM UTC-4, dan (ddpbsd) wrote: > > On Wed, Jul 10, 2013 at 2:21 PM, David Blanton > <[email protected] <javascript:>> wrote: > > Is there a way to somehow 'start over' with the client key files? A > simple > > rm -rf perhaps and then just make a new one, and then re-add agents? > > > > Removing the agents with manage_agents is probably the best way, but > you could rm it. I think there would be some other cleanup you'd have > to do (particularly in the /var/ossec/queue directories). > > > > > > > On Wednesday, July 10, 2013 2:18:20 PM UTC-4, dan (ddpbsd) wrote: > >> > >> On Tue, Jul 9, 2013 at 3:35 PM, David Blanton > >> <[email protected]> wrote: > >> > Edit: This is actually appearing to be happening to all servers. A > srcip > >> > search in the Web UI will only bring up agent started logs, netstat > >> > change > >> > logs, and that's about it. > >> > > >> > TLDR: Agentd is not appearing in ossec.log server side. > >> > > >> > more /opt/ossec/logs/ossec.log | grep agentd > >> > > >> > nothing... > >> > > >> > >> That's not bad. The server is not generally an agent. > >> > >> Based on the errors (Error reading > >> authentication key) you posted in the original message, I'd say > >> something is wrong with the server's client.keys file. > >> > >> > -- > >> > > >> > --- > >> > You received this message because you are subscribed to the Google > >> > Groups > >> > "ossec-list" group. > >> > To unsubscribe from this group and stop receiving emails from it, > send > >> > an > >> > email to [email protected]. > >> > For more options, visit https://groups.google.com/groups/opt_out. > >> > > >> > > > > > -- > > > > --- > > You received this message because you are subscribed to the Google > Groups > > "ossec-list" group. > > To unsubscribe from this group and stop receiving emails from it, send > an > > email to [email protected] <javascript:>. > > For more options, visit https://groups.google.com/groups/opt_out. > > > > > -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/groups/opt_out.
