Hi all. I did something incredibly dumb (rm -Rf might have been involved) and completed deleted the /var/ossec/ directory on my OSSEC server.
Fortunately, all my rules configuration was in git, but I had to generate a new set of SSL keys (as per http://ossec-docs.readthedocs.org/en/latest/programs/ossec-authd.html#creating-ssl-keys). Now all my agents no longer talk to the server (lots of ERROR: Invalid ID for the source ip:) in the logs. I'm ok with manually reregistering all my agents to the server, but I wonder if there's a better way. Or what happens when your SSL keys you generate expire and you have to generate a new set of SSL keys? How does one go about updating all of the agents? Thanks for any pointers. -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
