Yes, we believed this error message was harmless, so we commented this
section out and recompiled the source code. The agentlessd is working just
fine now.
On Thursday, March 17, 2016 at 9:13:52 AM UTC-4, Victor Fernandez wrote:
>
> Hi Ben.
>
> The first error is normal, or at less, predictable to happen: since an
> agent-less isn't an agent, it can't receive active-responses. Active
> responses are generated by the rule analyzer (analisisd), that doesn't
> distinguish between agents and agent-less, so the remote daemon, that
> sends the active-response commands, shows that error because it can't find
> the agent. But it isn't a critical error.
>
> Regarding to the second problem, there is a hardcoded limit of 10 attempts
> at agentless/agentless.c:
>
> /* Main monitor loop */
>
> /* (...) */
>
> while(lessdc.entries[i])
> {
> if(lessdc.entries[i]->error_flag >= 10)
> {
> if(lessdc.entries[i]->error_flag != 99)
> {
> merror("%s: ERROR: Too many failures for '%s'.
> Ignoring it.",
> ARGV0, lessdc.entries[i]->type);
> lessdc.entries[i]->error_flag = 99;
> }
>
> i++;
> sleep(i);
> continue;
> }
>
> The last 3 lines make that, after 10 attempts, the program continues and
> no longer tries to execute the command. Maybe, deleting them (i++;
> sleep(i); continue;) the program retries to execute the command.
>
> We're testing it at our development environment and we'll include the
> changes in our repository at Wazuh.
>
> Best regards.
> Victor.
>
--
---
You received this message because you are subscribed to the Google Groups
"ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/d/optout.
