All, I have a few Windows hosts that will periodically 'Disconnect' from the OSSEC server. In some cases they randomly will reconnect later on, while in others we have to go through and clear out the RIDS before the agent will re-connect successfully.
What's the best way to troubleshoot this issue? From everything I've read, I should enable debug on the agent and manager, but I've added "-d" to all of the processes, and also bumped the levels in internal_options.conf to 2's, and I still don't get any useful debug in ossec.log. I stopped one of my Linux agents and purposely wiped out the rids files. When I started up in debug mode I didn't get any helpful errors on either end of the interface (I expected to see log messages related to RIDS from error_messages.h). What am I missing? Thanks, Chris -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
