Hi, We recently migrated OSSEC server on a CentOS box to another CentOS. There were roughly 70 agents(Win/Linux) reporting to this server. During migration, I made sure to keep the hostname / ip same and also copied client.keys.
After starting OSSEC on the new server, around 22 agents started reporting correctly but that was only till an hour. After that, most of the agents dropped off, leaving the active count to only 4. I verified the client.keys and it still has the original agent keys, but due to some reason, when I extract a key from manage_agents, it differs from the one in client.keys for the exact same agent. Could OSSEC have ignored the copied client.keys and re-generated new keys for each? and why would it not effect those 4 agents still reporting correctly to this new server. Many Thanks, Abhi -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
