and big thanks to you and Santiago for looking into this.
On Wednesday, March 23, 2016 at 3:18:35 PM UTC-4, Ben wrote:
>
> Yes, we believed this error message was harmless, so we commented this
> section out and recompiled the source code. The agentlessd is working just
> fine now.
>
> On Thursday, March 17, 2016 at 9:13:52 AM UTC-4, Victor Fernandez wrote:
>>
>> Hi Ben.
>>
>> The first error is normal, or at less, predictable to happen: since an
>> agent-less isn't an agent, it can't receive active-responses. Active
>> responses are generated by the rule analyzer (analisisd), that doesn't
>> distinguish between agents and agent-less, so the remote daemon, that
>> sends the active-response commands, shows that error because it can't find
>> the agent. But it isn't a critical error.
>>
>> Regarding to the second problem, there is a hardcoded limit of 10
>> attempts at agentless/agentless.c:
>>
>> /* Main monitor loop */
>>
>> /* (...) */
>>
>> while(lessdc.entries[i])
>> {
>> if(lessdc.entries[i]->error_flag >= 10)
>> {
>> if(lessdc.entries[i]->error_flag != 99)
>> {
>> merror("%s: ERROR: Too many failures for '%s'.
>> Ignoring it.",
>> ARGV0, lessdc.entries[i]->type);
>> lessdc.entries[i]->error_flag = 99;
>> }
>>
>> i++;
>> sleep(i);
>> continue;
>> }
>>
>> The last 3 lines make that, after 10 attempts, the program continues and
>> no longer tries to execute the command. Maybe, deleting them (i++;
>> sleep(i); continue;) the program retries to execute the command.
>>
>> We're testing it at our development environment and we'll include the
>> changes in our repository at Wazuh.
>>
>> Best regards.
>> Victor.
>>
>
--
---
You received this message because you are subscribed to the Google Groups
"ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/d/optout.
