On Tue, Jan 27, 2015 at 3:25 PM, Todd <[email protected]> wrote:
> Hi all.
>
> I did something incredibly dumb (rm -Rf might have been involved) and
> completely deleted the /var/ossec/ directory on my OSSEC server.
>
> Fortunately, all my rules configuration was in git, but I had to generate a
> new set of SSL keys (as per
> http://ossec-docs.readthedocs.org/en/latest/programs/ossec-authd.html#creating-ssl-keys).
> Now all my agents no longer talk to the server (lots of ERROR: Invalid ID
> for the source ip:) in the logs.
>
> I'm ok with manually reregistering all my agents to the server, but I wonder
> if there's a better way. Or what happens when your SSL keys you generate
> expire and you have to generate a new set of SSL keys? How does one go about
> updating all of the agents?
>
The SSL keys won't cause issues like this, the agents don't use SSL to
connect to the manager. Did you delete your etc/client.keys file as well?
That's the file containing the keys that authenticate the agents.

> Thanks for any pointers.
>
> --
>
> ---
> You received this message because you are subscribed to the Google Groups
> "ossec-list" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to [email protected].
> For more options, visit https://groups.google.com/d/optout.
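
Added example, not part of the original thread: a shell check that compares agent client.keys entries against the manager's client.keys, to show which agents a rebuilt manager will no longer recognise. It assumes the four-field line format "ID NAME IP KEY"; the function name, file names and sample entries are constructed for illustration.

```shell
#!/bin/sh
# Compare agent client.keys entries with the manager's client.keys.
# Assumed line format: ID NAME IP KEY (space-separated).

# check_agent_keys MANAGER_FILE AGENT_FILE   (hypothetical helper)
# Prints "<id> <status>" for every agent entry; status is one of
#   match         same ID and same key on both sides
#   key-mismatch  ID exists on the manager but with a different key
#   id-missing    manager has no entry for this ID
check_agent_keys() {
    manager_file=$1
    agent_file=$2
    # A rebuilt manager may have no client.keys at all; treat that as empty.
    [ -r "$manager_file" ] || manager_file=/dev/null
    awk '
        # Test FILENAME (not NR==FNR) so an empty manager file still works.
        FILENAME == ARGV[1] { if (NF >= 4) key[$1] = $4; next }
        NF >= 4 {
            if (!($1 in key))       status = "id-missing"
            else if (key[$1] != $4) status = "key-mismatch"
            else                    status = "match"
            print $1, status       # never prints the key itself
        }
    ' "$manager_file" "$agent_file"
}

# Constructed sample data (not real keys or hosts).
demo_dir=$(mktemp -d)
cat > "$demo_dir/manager.keys" <<'EOF'
001 web01 192.0.2.10 aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
002 db01 192.0.2.20 bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb
EOF
# Entries collected from three agents, one line per agent.
cat > "$demo_dir/agents.keys" <<'EOF'
001 web01 192.0.2.10 aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
002 db01 192.0.2.20 cccccccccccccccccccccccccccccccc
003 mail01 192.0.2.30 dddddddddddddddddddddddddddddddd
EOF
check_agent_keys "$demo_dir/manager.keys" "$demo_dir/agents.keys"
rm -r "$demo_dir"
```

Against a manager whose client.keys is empty or absent, every agent entry is reported as id-missing.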
