> > >Are the log messages also being sent to the sever via syslog? Are the > >log files configured twice in the agent's localfile configurations? >
This sentence made me think... I noticed a replicated list of IP addresses in the ossec.conf file for both <connection>syslog</connection> and <connection>secure</connection>. I'm hoping that this may be the issue. I'll delete the secure list of IPs and see if it persists. Since server-side events had different times there were no replicated alerts. Agent-side however...two ports, two alerts? To answer your previous questions- No issues with reports except duplicates. Yes, even with logall, there were two instances. -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/groups/opt_out.
