Thanks for verifying dan. I find it odd that my agents are having multiple 
agent ID's in this dir. I will try and manually delete and add the 
appropriate files to see if that changes anything after I back up the 
folders. I'm not quite sure what I did, but I did resolve the 
authentication issue that I was having originally (or at least I am not 
getting the messages anymore). 

However, my agent.conf file is not getting pushed out, regardless of what 
is in the /opt/ossec/queue/rids folder (including the agent ID), which 
leads me to believe that there is still an issue with connectivity or 
permissions. For my agent.conf file I am seeing permissions as -r--r----- 1 
root ossec agent.conf. Is this correct? I'm thinking it should be 
ossec:ossec.

On Wednesday, July 17, 2013 3:00:43 PM UTC-4, dan (ddpbsd) wrote:
>
>
> On Jul 17, 2013 2:54 PM, "David Blanton" <[email protected]<javascript:>> 
> wrote:
> >
> > Can someone confirm if /opt/ossec/queue/rids (or var/ossec/queue/rids) 
> agent side (for several agents) and server side are suppose to have 
> different amounts of agent ID files?
> >
> > For example, on one agent, I'll see 012, 011, 007, and 004 in the rids 
> folder. Another agent will only have 002 in that file. Another will have 
> 001, 003 and 005. The server has all of them. There seems to be no pattern?
> >
>
> My agent only has a file named 001, which is also its agent id, and a file 
> named sender_counter.
>
> > -- 
> >  
> > --- 
> > You received this message because you are subscribed to the Google 
> Groups "ossec-list" group.
> > To unsubscribe from this group and stop receiving emails from it, send 
> an email to [email protected] <javascript:>.
> > For more options, visit https://groups.google.com/groups/opt_out.
> >  
> >  
>  

-- 

--- 
You received this message because you are subscribed to the Google Groups 
"ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to [email protected].
For more options, visit https://groups.google.com/groups/opt_out.


Reply via email to