All,

I have an OSSEC instance (running the latest/greatest Wazuh code cloned 
from GitHub) that has about 1k active hosts.  I've noticed recently that 
hosts are flipping back and forth between *Active* and *Disconnected*.

I've also noticed that not all of the log messages from "*Active*" hosts 
are being received by the Manager.  For example, I have an agent that 
generates the same log message every second.  I have debug enabled on the 
Agent and I can see logcollector reading each message, but only *some* of 
the messages are received on the Manager (I monitored it for a while and 
it's not that the messages show up later due to network congestion--I don't 
see the messages ever being received).  I tried disabling the agent ID 
checks on both the Manager and Agent but that didn't have any impact.

I suspect there is a misconfiguration or limit I am running into on my 
Manager running RHEL 7, but I haven't been able to track it down.  I did a 
simple netcat test between the same two hosts and there was no lag in 
transmissions.

Any suggestions/thoughts from the community?




Thanks,
Chris
