Thanks for verifying dan. I find it odd that my agents are having multiple agent ID's in this dir. I will try and manually delete and add the appropriate files to see if that changes anything after I back up the folders. I'm not quite sure what I did, but I did resolve the authentication issue that I was having originally (or at least I am not getting the messages anymore).
However, my agent.conf file is not getting pushed out, regardless of what is in the /opt/ossec/queue/rids folder (including the agent ID), which leads me to believe that there is still an issue with connectivity or permissions. For my agent.conf file I am seeing permissions as -r--r----- 1 root ossec agent.conf. Is this correct? I'm thinking it should be ossec:ossec. On Wednesday, July 17, 2013 3:00:43 PM UTC-4, dan (ddpbsd) wrote: > > > On Jul 17, 2013 2:54 PM, "David Blanton" <[email protected]<javascript:>> > wrote: > > > > Can someone confirm if /opt/ossec/queue/rids (or var/ossec/queue/rids) > agent side (for several agents) and server side are suppose to have > different amounts of agent ID files? > > > > For example, on one agent, I'll see 012, 011, 007, and 004 in the rids > folder. Another agent will only have 002 in that file. Another will have > 001, 003 and 005. The server has all of them. There seems to be no pattern? > > > > My agent only has a file named 001, which is also its agent id, and a file > named sender_counter. > > > -- > > > > --- > > You received this message because you are subscribed to the Google > Groups "ossec-list" group. > > To unsubscribe from this group and stop receiving emails from it, send > an email to [email protected] <javascript:>. > > For more options, visit https://groups.google.com/groups/opt_out. > > > > > -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/groups/opt_out.
