Hi Kat, ok and if i am not mistaken i need to perform the same config for all agents right ?
So here is the idea that i feel is perhaps the only solution. Stop the server, erase the RIDS and then have our customer deploy a script in order to stop all the agents and then install the version 2.8.3 and then finally erase the RIDS files. Once done restart the server and then restart the ossec agents. On Wednesday, April 13, 2016 at 10:40:00 AM UTC-4, Kat wrote: > > You should disable RIDS: > > remoted.verify_msg_id=0 > > The errors should go away. The problem is, RIDS must be removed on both > agent and server, that may be causing issues. > > Kat > > On Tuesday, April 5, 2016 at 8:21:18 AM UTC-5, Alexandre LAQUERRE wrote: >> >> Hi, >> >> >> >> I have been using Ossec for quite a while and we decided to upgrade the >> version (2.7.1) to 2.8.3 and that was relatively successful except for the >> fact that it pulled a number on my Ossec.conf by creating indent problems >> and adding open brackets in the wrong area but anyway it works. My issue is >> that for the moment our client will not update the OSSEC agents and wish to >> keep the 2.7.1 , I have not seen any documentation that would indicate a >> compatibility issue however I noticed that no matter what I do , the agents >> will end up disconnecting. They will start out all active and then after 20 >> minutes or so they will all be disconnected except for a small minority. >> >> >> >> When I performed the install I have set the maximum number of agents to >> 4096 because the client has about … I would say close to 3000 agents, >> furthermore the installation did go well however I suspect that the >> agent.conf file in the shared folder got messed up due to this update being >> very significant. I have been working on this issue for at least three days >> and I am no longer certain where to look. >> >> >> >> I would like to specify that I have already tried to erase the RIDS while >> Ossec Is stop (server) and when I start it back up again the same issue >> occurs. Now I am hoping the solution will not be to erase the rids from the >> client as it would be a long process for our customer. >> >> >> >> Thank you, >> >> >> >> Alexandre Laquerre >> >> Analyste Sécurité >> >> [image: http://cybercan.com/images/iso20000.jpg] >> ---------------------------------------------------------------------------------------- >> *LINKBYNET * >> >> Performance | Innovation | Qualité >> >> >> ---------------------------------------------------------------------------------------- >> >> Suivez-nous sur les médias sociaux ! >> >> [image: cid:[email protected]] >> <http://www.linkedin.com/company/LINKBYNET>*-* [image: >> cid:[email protected]] <https://twitter.com/#!/@LINKBYNET> >> *-* [image: 1331824224_FaceBook_24x24] >> <http://www.facebook.com/LINKBYNET> *-* [image: >> 1384399169_Flurry_Google_Alt] >> <https://plus.google.com/b/104214152964322174793/104214152964322174793/posts> >> *1255 Place Phillips, Suite 700, **Montréal, QC H3B 3G1* >> *Standard : +1 800 258 0820* >> >> *Pôle Sécurité : +1 514 667 0554* >> >> Web : www.linkbynet.com >> >> [image: cid:[email protected]] >> >> *Avant d'imprimer cet e-mail, pensez à l'environnement.* >> >> LINKBYNET, *1er hébergeur* des environnements en haute disponibilité – >> Source >> 01net|IPLabel >> <http://pro.01net.com/rub/01business/10403/01business/indicateurs/hebergeurs-environnement-haute-disponibilite/> >> >> >> >> >> > -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
