Just to be sure, the variable I was talking about is: # Verify msg id (set to 0 to disable it) > remoted.verify_msg_id=1
At /var/ossec/etc/internal_options.conf Best regards, Pedro S. On Friday, May 13, 2016 at 3:53:20 PM UTC+2, Pedro S wrote: > > Hi, > > I don't think *verify_msg *will be related with those errors. > > It seems like those files (EventChannel bookmarks) not longer exist in tmp > folder or OSSEC does not have enough permissions, try to reinstall the > agent. > If you prefer, paste here your EventChannel queries so I can test them in > my labs. > > Best regards, > > Pedro S. > > > > On Fri, May 13, 2016 at 1:37 PM, Abdulvehhab Agin <[email protected]> > wrote: > >> When i change verify_msg_id=0; *i have lots of error in ossec log* >> >> >> >> >> 2016/05/13 14:33:17 ossec-agent: ERROR: Could not move >> (tmp/Security-a06404) to (bookmarks/Security) which returned (5) >> 2016/05/13 14:33:17 ossec-agent: ERROR: Could not rename_ex() temporary >> bookmark (tmp/Security-a06404) to (bookmarks/Security) for (Security) >> 2016/05/13 14:33:17 ossec-agent: ERROR: Could not move >> (tmp/Security-a06404) to (bookmarks/Security) which returned (5) >> 2016/05/13 14:33:17 ossec-agent: ERROR: Could not rename_ex() temporary >> bookmark (tmp/Security-a06404) to (bookmarks/Security) for (Security) >> 2016/05/13 14:33:17 ossec-agent: ERROR: Could not move >> (tmp/Security-a06404) to (bookmarks/Security) which returned (5) >> 2016/05/13 14:33:17 ossec-agent: ERROR: Could not rename_ex() temporary >> bookmark (tmp/Security-a06404) to (bookmarks/Security) for (Security) >> >> >> >> 12 Mayıs 2016 Perşembe 10:37:15 UTC+3 tarihinde Pedro S yazdı: >>> >>> Hi, >>> >>> If multiple agents are using the same key, you need to set them up with >>> their own unique key. >>> If you re-installed an agent and didn't backup the rids files, >>> you should create a new key for the agent and use that. >>> If you prefer to avoid any counters error, try to deactivate counters, >>> open file etc/internal_options.conf (Manager & Agent) and set >>> verify_msg_id=0. >>> >>> >>> Regards, >>> >>> >>> Pedro S. >>> >>> On Wednesday, May 11, 2016 at 10:33:00 PM UTC+2, Abdulvehhab Agin wrote: >>>> >>>> Hi, >>>> >>>> >>>> >>>> Sometimes ossec server says *"ERROR: Duplicated counter for"* errors. >>>> Especially we have mass log, and log sending protocol is UDP, so rids >>>> counter' agent and server sometimes inconsistent; >>>> >>>> >>>> When i see this error, I see the agent is inactive. After this; agent >>>> wont send any logs. >>>> >>>> >>>> How can i solve this problem? >>>> >>>> >>>> OSSEC version 2.8.3 >>>> >>>> -- >> >> --- >> You received this message because you are subscribed to the Google Groups >> "ossec-list" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected]. >> For more options, visit https://groups.google.com/d/optout. >> > > -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
