>reportsd pid: >Are you running any reports? Do you have any reports configured in >ossec.conf on the server?
Oh sorry for the mix up. No reports configured. >I don't think this will change anything. Are the agents sending logs >via syslog or via the ossec secure method? Both. Until about 5 minutes ago. <remote> <connection>secure</connection> <allowed-ips>xxxx.xxxx.xx.xx</allowed-ips> </remote> <remote> <connection>syslog</connection> <allowed-ips>xxxx.xxxx.xx.xx</allowed-ips> </remote> Both syslog and secure having the same IP addresses. I just deleted secure though. netstat showed OSSEC was using both port 1514 and 514. > If so, the problem is most likely on the agent side, since the server is receiving 2 instances of the log messages. I'll take a look into this. I know for a fact I have an agent.conf file that I set up a long time ago, but because it wasn't getting pushed through I stopped using it. I believe it only has a few development servers on there. However, since the * wildcard syntax couldn't be read in it--verify-agent-conf kept saying there was an error with it-I decided to just manually configure each agent's ossec.conf file. That could be the issue as well. I hope that clarified things a bit? -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/groups/opt_out.
