Hi,

It is strange that the log indicates line 147 when it was not able to read
it. Maybe the agent.conf file is not arriving at the agent or it is being
discarded due to a checksum error.

First, please remove the file *merged.mg* from the folder
*shared* on the agent and the manager. Then enable debug logging in order
to find out where the problem is.

   - On the manager:

/var/ossec/bin/ossec-control enable debug
/var/ossec/bin/ossec-control restart



   - On the agent, add this line to file *local_internal_options.conf*:

windows.debug=1


and restart the agent. When it gets connected, the manager should log a
message like:

ossec-remoted: Sending file 'merged.mg' to agent.


and that file should appear immediately in the agent (folder *shared*).
After a few seconds, when the file is completely delivered, it should be
unmerged into every file that exists in the manager's shared folder.

A common issue is that the file doesn't arrive properly (e.g. some packets
were lost or corrupted): the file *merged.mg* will
disappear suddenly and the Windows agent should log:

ossec-agent: Failed md5 for: merged.mg -- deleting.


In this case, the manager will retry sending the file every 10 minutes.

But as I mentioned before, an error message about reading a file that
indicates a line different from 0 makes no sense. However, I hope this helps
you.

Best regards.



On Mon, Jul 3, 2017 at 11:44 AM, Jesus Linares <[email protected]> wrote:

> Hi
>
> ossec-agent(1226): ERROR: Error reading XML file 'shared/agent.conf':
>> XMLERR: File 'shared/agent.conf' not found. (line 147).
>
>
> What is in line 147?
>
> More information about the agent.conf and the process to synchronize it:
> https://documentation.wazuh.com/current/user-manual/reference/centralized-configuration.html
>
> I hope it helps.
> Regards.
>
> On Sunday, July 2, 2017 at 3:30:07 AM UTC+2, Ricardo Galossi wrote:
>>
>> Hi guys,
>>
>> I'd like to ask for some help here..
>>
>> My Windows agents are not synchronizing shared/agent.conf;
>> within the C:\Program Files (x86)\ossec-agent\shared directory there is no
>> agent.conf even after restarting the Windows agent. My agent.conf follows below:
>>
>> <agent_config>
>>     <syscheck>
>>         <directories realtime="yes" check_all="yes">C:\labtest</directories>
>>     </syscheck>
>> </agent_config>
>>
>> In the agent log file I receive the following message:
>>
>> ossec-agent(1226): ERROR: Error reading XML file 'shared/agent.conf':
>> XMLERR: File 'shared/agent.conf' not found. (line 147).
>>
>> If I create the file agent.conf manually the configuration works (which
>> proves that the configuration is OK), but it also doesn't synchronize if I try
>> to change it.
>>
>> Am I making some mistake? Please, help me!!
>>
> --
>
> ---
> You received this message because you are subscribed to the Google Groups
> "ossec-list" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to [email protected].
> For more options, visit https://groups.google.com/d/optout.
>



-- 
Victor M. Fernandez-Castro
IT Security Engineer
Wazuh Inc.
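
A triage sketch for the log messages quoted in this message, added here as an example (it is not part of the original thread and is not Wazuh or OSSEC code). The timestamp prefix, the function and status names, and the sample lines are assumptions; the message texts and the 10-minute resend interval are the ones given above.

```python
import re
from datetime import datetime, timedelta

# Message texts are the ones quoted in the thread. The timestamp prefix and
# the sample lines in the usage below are constructed for illustration.
TS = r"(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) .*"
SENT = re.compile(TS + r"ossec-remoted: Sending file 'merged\.mg' to agent")
BAD_MD5 = re.compile(TS + r"ossec-agent: Failed md5 for: merged\.mg -- deleting")
NOT_FOUND = re.compile(TS + r"XMLERR: File 'shared/agent\.conf' not found")
RETRY = timedelta(minutes=10)  # resend interval stated in the thread


def _times(pattern, lines):
    """Timestamps of every line matching pattern, in file order."""
    hits = (pattern.search(line) for line in lines)
    return [datetime.strptime(m.group(1), "%Y/%m/%d %H:%M:%S") for m in hits if m]


def triage(manager_lines, agent_lines):
    """Classify the most recent merged.mg delivery attempt.

    Assumes manager and agent clocks are roughly in sync.
    """
    sent = _times(SENT, manager_lines)
    if not sent:
        return "never-sent", "no 'Sending file' line: is debug on and the agent connected?"
    last = sent[-1]
    if any(t >= last for t in _times(BAD_MD5, agent_lines)):
        retry_at = last + RETRY
        return "corrupted-in-transit", f"md5 check failed; resend expected near {retry_at:%H:%M:%S}"
    if any(t >= last for t in _times(NOT_FOUND, agent_lines)):
        return "sent-but-missing", "file was sent yet agent.conf is still absent; check shared folder"
    return "delivered", "no md5 failure or missing-file error after the last send"


if __name__ == "__main__":
    manager = ["2017/07/03 12:00:05 ossec-remoted: Sending file 'merged.mg' to agent."]
    agent = [
        "2017/07/03 11:59:40 ossec-agent(1226): ERROR: Error reading XML file "
        "'shared/agent.conf': XMLERR: File 'shared/agent.conf' not found. (line 147).",
        "2017/07/03 12:00:09 ossec-agent: Failed md5 for: merged.mg -- deleting.",
    ]
    print(triage(manager, agent))
```
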
