Hi Barry, If I understood well, you need to resolve the DNS IP Address more than once, unfortunately seems like OSSEC won't do it.
At the very first start, OSSEC reads the file ossec.conf, when detecting a <server-hostname> <https://github.com/wazuh/ossec-wazuh/blob/6c2325e5f45b25adbaccc02ac1977c75c4a56599/src/config/client-config.c#L73> setting, *OS_GetHost *function is called to get the IP Address, that function won't be called again until you restart OSSEC. Regards, Pedro S. On Thursday, February 25, 2016 at 10:57:14 AM UTC+1, Barry Kaplan wrote: > > I have a situation where ossec.conf is set with <server_hostname> before > the DNS entry is set. From what I can tell so far the result of the initial > dns lookup is kept forever, requiring the agent to be restarted. Is it the > case that a failed DNS will never be retried? > > BTW, I'm pretty sure it's not any caching outside of ossec, because the > dns server in this case is consul. > -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
