You should disable RIDS: remoted.verify_msg_id=0
The errors should go away. The problem is, RIDS must be removed on both agent and server, that may be causing issues. Kat On Tuesday, April 5, 2016 at 8:21:18 AM UTC-5, Alexandre LAQUERRE wrote: > > Hi, > > > > I have been using Ossec for quite a while and we decided to upgrade the > version (2.7.1) to 2.8.3 and that was relatively successful except for the > fact that it pulled a number on my Ossec.conf by creating indent problems > and adding open brackets in the wrong area but anyway it works. My issue is > that for the moment our client will not update the OSSEC agents and wish to > keep the 2.7.1 , I have not seen any documentation that would indicate a > compatibility issue however I noticed that no matter what I do , the agents > will end up disconnecting. They will start out all active and then after 20 > minutes or so they will all be disconnected except for a small minority. > > > > When I performed the install I have set the maximum number of agents to > 4096 because the client has about … I would say close to 3000 agents, > furthermore the installation did go well however I suspect that the > agent.conf file in the shared folder got messed up due to this update being > very significant. I have been working on this issue for at least three days > and I am no longer certain where to look. > > > > I would like to specify that I have already tried to erase the RIDS while > Ossec Is stop (server) and when I start it back up again the same issue > occurs. Now I am hoping the solution will not be to erase the rids from the > client as it would be a long process for our customer. > > > > Thank you, > > > > Alexandre Laquerre > > Analyste Sécurité > > [image: http://cybercan.com/images/iso20000.jpg] > ---------------------------------------------------------------------------------------- > *LINKBYNET * > > Performance | Innovation | Qualité > > > ---------------------------------------------------------------------------------------- > > Suivez-nous sur les médias sociaux ! > > [image: cid:[email protected]] > <http://www.linkedin.com/company/LINKBYNET>*-* [image: > cid:[email protected]] <https://twitter.com/#!/@LINKBYNET> > *-* [image: 1331824224_FaceBook_24x24] <http://www.facebook.com/LINKBYNET> > *-* [image: 1384399169_Flurry_Google_Alt] > <https://plus.google.com/b/104214152964322174793/104214152964322174793/posts> > *1255 Place Phillips, Suite 700, **Montréal, QC H3B 3G1* > *Standard : +1 800 258 0820* > > *Pôle Sécurité : +1 514 667 0554* > > Web : www.linkbynet.com > > [image: cid:[email protected]] > > *Avant d'imprimer cet e-mail, pensez à l'environnement.* > > LINKBYNET, *1er hébergeur* des environnements en haute disponibilité – Source > 01net|IPLabel > <http://pro.01net.com/rub/01business/10403/01business/indicateurs/hebergeurs-environnement-haute-disponibilite/> > > > > > -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
