Thank you Dan, Sorry but i still confuse, I dont want to do something that get worse this situation. Do you have any idea to fix the error?
Regards... El viernes, 4 de agosto de 2017, 12:20:15 (UTC-5), dan (ddpbsd) escribió: > > On Fri, Aug 4, 2017 at 11:59 AM, Carlos Islas <[email protected] > <javascript:>> wrote: > > Hi! > > > > The manager hasn´t agent. The alerts came from the other host. > > > > root@vknxsegfim:/var/ossec/bin# ./agent_control -lc > > > > OSSEC HIDS agent_control. List of available agents: > > ID: 000, Name: vknxsegfim (server), IP: 127.0.0.1, Active/Local > > > > but i dont know why all the host appear disconnected > > > > ID: 054, Name: knxvozdb, IP: 172.27.1.153, Disconnected > > ID: 102, Name: posmexngs, IP: 172.17.2.24, Disconnected > > ID: 103, Name: knxsegk01, IP: 172.27.4.45, Disconnected > > ID: 104, Name: websense, IP: 172.17.2.228, Disconnected > > ID: 105, Name: websense1, IP: 172.17.2.22, Disconnected > > ID: 106, Name: wspsknx, IP: 172.27.4.131, Disconnected > > ID: 055, Name: KNXVOZMSERVER-1, IP: 172.27.1.173, Disconnected > > ID: 056, Name: OGNODE1, IP: 172.27.1.70, Disconnected > > ID: 057, Name: OGNODE2, IP: 172.27.1.71, Disconnected > > ID: 058, Name: OGNODE3, IP: 172.27.1.72, Disconnected > > ID: 059, Name: KNXVOZPREDB, IP: 172.27.1.74, Disconnected > > ID: 060, Name: siem_indexer, IP: 172.27.4.78, Disconnected > > ID: 061, Name: VKNXSEG07, IP: 172.27.200.178, Disconnected > > ID: 062, Name: F3Mpwmordc01, IP: 172.27.4.10, Disconnected > > ID: 063, Name: V3Mpwmordc01, IP: 172.27.200.95, Disconnected > > ID: 064, Name: Vknxmorwsus, IP: 172.27.200.99, Disconnected > > ID: 066, Name: Posmexdc01, IP: 172.17.1.80, Disconnected > > > > Some idea that why is happen this? > > > > The duplicated rids errors are a clue. For some reason (agents were > re-imaged, rids files were deleted on the agents, etc), the agents are > presenting the same counters as they had previously. The rids counters > are an attempt to prevent replay attacks, so duplicate counters are > bad. > > > > > > > Regards... > > > > > > El viernes, 4 de agosto de 2017, 5:57:46 (UTC-5), jose escribió: > >> > >> Hi Carlos, > >> > >> The manager has his own agent, probably the alerts are from the manager > it > >> self. > >> > >> > >> > >> Regards > >> ----------------------- > >> Jose Luis Ruiz > >> Wazuh Inc. > >> [email protected] > >> > >> On August 3, 2017 at 7:57:59 PM, Carlos Islas ([email protected]) > >> wrote: > >> > >> In adition the host send alerts to my email but still disconnected... > how > >> can it be? > >> > >> =S > >> > >> El jueves, 3 de agosto de 2017, 12:48:04 (UTC-5), Carlos Islas > escribió: > >>> > >>> Hi Jose, > >>> > >>> Thanks for your answer, i send you the log: > >>> > >>> 2017/08/01 13:44:10 ossec-remoted(1103): ERROR: Unable to open file > >>> '/queue/rids > >>> /001'. > >>> 2017/08/01 15:19:33 ossec-remoted(1103): ERROR: Unable to open file > >>> '/queue/rids > >>> /001'. > >>> 2017/08/01 15:19:37 ossec-remoted(1103): ERROR: Unable to open file > >>> '/queue/rids > >>> /001'. > >>> 2017/08/01 15:22:01 ossec-remoted(1103): ERROR: Unable to open file > >>> '/queue/rids > >>> /001'. > >>> 2017/08/01 15:22:06 ossec-analysisd(1210): ERROR: Queue > >>> '/queue/alerts/ar' not a > >>> ccessible: 'Connection refused'. > >>> 2017/08/01 15:22:06 ossec-analysisd(1301): ERROR: Unable to connect to > >>> active re > >>> sponse queue. > >>> 2017/08/01 15:41:06 ossec-remoted(1103): ERROR: Unable to open file > >>> '/queue/rids > >>> /001'. > >>> 2017/08/01 15:58:14 ossec-remoted(1103): ERROR: Unable to open file > >>> '/queue/rids > >>> /001'. > >>> 2017/08/01 15:58:20 ossec-analysisd(1210): ERROR: Queue > >>> '/queue/alerts/ar' not a > >>> ccessible: 'Connection refused'. > >>> 2017/08/01 15:58:20 ossec-analysisd(1301): ERROR: Unable to connect to > >>> active re > >>> sponse queue. > >>> 2017/08/01 16:06:12 ossec-remoted(1103): ERROR: Unable to open file > >>> '/queue/rids > >>> /001'. > >>> 2017/08/01 16:06:17 ossec-analysisd(1210): ERROR: Queue > >>> '/queue/alerts/ar' not a > >>> ccessible: 'Connection refused'. > >>> 2017/08/01 16:06:17 ossec-analysisd(1301): ERROR: Unable to connect to > >>> active re > >>> sponse queue. > >>> 2017/08/01 16:36:50 ossec-remoted(1103): ERROR: Unable to open file > >>> '/queue/rids > >>> /001'. > >>> 2017/08/01 16:36:55 ossec-analysisd(1210): ERROR: Queue > >>> '/queue/alerts/ar' not a > >>> ccessible: 'Connection refused'. > >>> 2017/08/01 16:36:55 ossec-analysisd(1301): ERROR: Unable to connect to > >>> active re > >>> sponse queue. > >>> 2017/08/01 16:54:19 ossec-remoted(1103): ERROR: Unable to open file > >>> '/queue/rids > >>> /001'. > >>> 2017/08/01 16:54:24 ossec-analysisd(1210): ERROR: Queue > >>> '/queue/alerts/ar' not a > >>> ccessible: 'Connection refused'. > >>> 2017/08/01 16:54:24 ossec-analysisd(1301): ERROR: Unable to connect to > >>> active re > >>> sponse queue. > >>> 2017/08/01 16:55:02 ossec-remoted(1103): ERROR: Unable to open file > >>> '/queue/rids > >>> /001'. > >>> 2017/08/01 16:55:12 ossec-remoted(1103): ERROR: Unable to open file > >>> '/queue/rids > >>> /001'. > >>> 2017/08/01 16:55:17 ossec-analysisd(1210): ERROR: Queue > >>> '/queue/alerts/ar' not a > >>> ccessible: 'Connection refused'. > >>> 2017/08/01 16:55:17 ossec-analysisd(1301): ERROR: Unable to connect to > >>> active re > >>> sponse queue. > >>> 2017/08/01 17:00:35 ossec-remoted(1103): ERROR: Unable to open file > >>> '/queue/rids > >>> /001'. > >>> 2017/08/01 17:00:40 ossec-analysisd(1210): ERROR: Queue > >>> '/queue/alerts/ar' not a > >>> ccessible: 'Connection refused'. > >>> 2017/08/01 17:00:40 ossec-analysisd(1301): ERROR: Unable to connect to > >>> active re > >>> sponse queue. > >>> 2017/08/01 17:04:19 ossec-remoted(1103): ERROR: Unable to open file > >>> '/queue/rids > >>> /001'. > >>> 2017/08/01 17:04:25 ossec-analysisd(1210): ERROR: Queue > >>> '/queue/alerts/ar' not a > >>> ccessible: 'Connection refused'. > >>> 2017/08/01 17:04:25 ossec-analysisd(1301): ERROR: Unable to connect to > >>> active re > >>> sponse queue. > >>> 2017/08/01 17:08:15 ossec-remoted(1103): ERROR: Unable to open file > >>> '/queue/rids > >>> /001'. > >>> 2017/08/01 17:08:20 ossec-analysisd(1210): ERROR: Queue > >>> '/queue/alerts/ar' not a > >>> ccessible: 'Connection refused'. > >>> 2017/08/01 17:08:20 ossec-analysisd(1301): ERROR: Unable to connect to > >>> active re > >>> sponse queue. > >>> 2017/08/01 17:09:00 ossec-remoted(1103): ERROR: Unable to open file > >>> '/queue/rids > >>> /001'. > >>> 2017/08/01 17:09:05 ossec-analysisd(1210): ERROR: Queue > >>> '/queue/alerts/ar' not a > >>> ccessible: 'Connection refused'. > >>> 2017/08/01 17:09:05 ossec-analysisd(1301): ERROR: Unable to connect to > >>> active re > >>> sponse queue. > >>> 2017/08/01 17:09:57 ossec-remoted(1103): ERROR: Unable to open file > >>> '/queue/rids > >>> /001'. > >>> 2017/08/01 17:10:02 ossec-analysisd(1210): ERROR: Queue > >>> '/queue/alerts/ar' not a > >>> ccessible: 'Connection refused'. > >>> 2017/08/01 17:10:02 ossec-analysisd(1301): ERROR: Unable to connect to > >>> active re > >>> sponse queue. > >>> 2017/08/01 17:11:30 ossec-remoted(1103): ERROR: Unable to open file > >>> '/queue/rids > >>> /001'. > >>> 2017/08/01 17:11:35 ossec-analysisd(1210): ERROR: Queue > >>> '/queue/alerts/ar' not a > >>> ccessible: 'Connection refused'. > >>> 2017/08/01 17:11:35 ossec-analysisd(1301): ERROR: Unable to connect to > >>> active re > >>> sponse queue. > >>> 2017/08/01 17:21:08 ossec-maild(1207): ERROR: Unable to switch to > group: > >>> 'ossec' > >>> . > >>> 2017/08/01 17:21:08 ossec-execd(1207): ERROR: Unable to switch to > group: > >>> 'ossec' > >>> . > >>> 2017/08/01 17:22:11 ossec-logcollector(1224): ERROR: Error sending > >>> message to qu > >>> eue. > >>> 2017/08/01 17:22:14 ossec-logcollector(1210): ERROR: Queue > >>> '/var/ossec/queue/oss > >>> ec/queue' not accessible: 'Connection refused'. > >>> 2017/08/01 17:22:14 ossec-logcollector(1211): ERROR: Unable to access > >>> queue: '/v > >>> ar/ossec/queue/ossec/queue'. Giving up.. > >>> 2017/08/01 17:22:23 ossec-remoted(1103): ERROR: Unable to open file > >>> '/queue/rids > >>> /001'. > >>> 2017/08/01 17:22:28 ossec-analysisd(1210): ERROR: Queue > >>> '/queue/alerts/ar' not a > >>> ccessible: 'Connection refused'. > >>> 2017/08/01 17:22:28 ossec-analysisd(1301): ERROR: Unable to connect to > >>> active re > >>> sponse queue. > >>> 2017/08/01 17:26:34 ossec-remoted(1103): ERROR: Unable to open file > >>> '/queue/rids > >>> /001'. > >>> 2017/08/01 17:26:38 ossec-rootcheck(1224): ERROR: Error sending > message > >>> to queue > >>> . > >>> 2017/08/01 17:26:39 ossec-analysisd(1210): ERROR: Queue > >>> '/queue/alerts/ar' not a > >>> ccessible: 'Connection refused'. > >>> 2017/08/01 17:26:39 ossec-analysisd(1301): ERROR: Unable to connect to > >>> active re > >>> sponse queue. > >>> 2017/08/01 17:27:30 ossec-remoted(1103): ERROR: Unable to open file > >>> '/queue/rids > >>> /001'. > >>> 2017/08/01 17:27:35 ossec-analysisd(1210): ERROR: Queue > >>> '/queue/alerts/ar' not a > >>> ccessible: 'Connection refused'. > >>> 2017/08/01 17:27:35 ossec-analysisd(1301): ERROR: Unable to connect to > >>> active re > >>> sponse queue. > >>> 2017/08/01 17:28:58 ossec-remoted(1103): ERROR: Unable to open file > >>> '/queue/rids > >>> /001'. > >>> 2017/08/01 17:29:03 ossec-analysisd(1210): ERROR: Queue > >>> '/queue/alerts/ar' not a > >>> ccessible: 'Connection refused'. > >>> 2017/08/01 17:29:03 ossec-analysisd(1301): ERROR: Unable to connect to > >>> active re > >>> sponse queue. > >>> 2017/08/01 17:30:08 ossec-remoted(1103): ERROR: Unable to open file > >>> '/queue/rids > >>> /003'. > >>> 2017/08/01 17:30:13 ossec-analysisd(1210): ERROR: Queue > >>> '/queue/alerts/ar' not a > >>> ccessible: 'Connection refused'. > >>> 2017/08/01 17:30:13 ossec-analysisd(1301): ERROR: Unable to connect to > >>> active re > >>> sponse queue. > >>> 2017/08/01 17:31:35 ossec-remoted(1103): ERROR: Unable to open file > >>> '/queue/rids > >>> /003'. > >>> 2017/08/01 17:31:41 ossec-analysisd(1210): ERROR: Queue > >>> '/queue/alerts/ar' not a > >>> ccessible: 'Connection refused'. > >>> 2017/08/01 17:31:41 ossec-analysisd(1301): ERROR: Unable to connect to > >>> active re > >>> sponse queue. > >>> 2017/08/01 17:32:08 ossec-remoted(1103): ERROR: Unable to open file > >>> '/queue/rids > >>> /998'. > >>> 2017/08/01 17:32:13 ossec-analysisd(1210): ERROR: Queue > >>> '/queue/alerts/ar' not a > >>> ccessible: 'Connection refused'. > >>> 2017/08/01 17:32:13 ossec-analysisd(1301): ERROR: Unable to connect to > >>> active re > >>> sponse queue. > >>> 2017/08/01 17:39:26 ossec-remoted(1103): ERROR: Unable to open file > >>> '/queue/rids > >>> /001'. > >>> 2017/08/01 17:39:32 ossec-analysisd(1210): ERROR: Queue > >>> '/queue/alerts/ar' not a > >>> ccessible: 'Connection refused'. > >>> 2017/08/01 17:39:32 ossec-analysisd(1301): ERROR: Unable to connect to > >>> active re > >>> sponse queue. > >>> 2017/08/01 18:00:16 ossec-remoted(1103): ERROR: Unable to open file > >>> '/queue/rids > >>> /001'. > >>> 2017/08/01 18:00:21 ossec-analysisd(1210): ERROR: Queue > >>> '/queue/alerts/ar' not a > >>> ccessible: 'Connection refused'. > >>> 2017/08/01 18:00:21 ossec-analysisd(1301): ERROR: Unable to connect to > >>> active re > >>> sponse queue. > >>> 2017/08/01 18:07:19 ossec-remoted(1407): ERROR: Duplicated counter for > >>> 'posmexng > >>> s'. > >>> 2017/08/01 18:07:25 ossec-remoted(1407): ERROR: Duplicated counter for > >>> 'posmexng > >>> s'. > >>> 2017/08/01 18:07:29 ossec-remoted(1407): ERROR: Duplicated counter for > >>> 'posmexng > >>> s'. > >>> 2017/08/01 18:07:34 ossec-remoted(1407): ERROR: Duplicated counter for > >>> 'posmexng > >>> s'. > >>> 2017/08/01 18:07:40 ossec-remoted(1407): ERROR: Duplicated counter for > >>> 'posmexng > >>> s'. > >>> 2017/08/01 18:20:25 ossec-remoted(1206): ERROR: Unable to Bind port > >>> '1514' > >>> 2017/08/01 18:20:53 ossec-remoted(1210): ERROR: Queue > >>> '/queue/ossec/queue' not a > >>> ccessible: 'Connection refused'. > >>> 2017/08/01 18:20:53 ossec-remoted(1211): ERROR: Unable to access > queue: > >>> '/queue/ > >>> ossec/queue'. Giving up.. > >>> 2017/08/01 18:22:44 ossec-remoted(1210): ERROR: Queue > >>> '/queue/ossec/queue' not a > >>> ccessible: 'Connection refused'. > >>> 2017/08/01 18:22:44 ossec-remoted(1211): ERROR: Unable to access > queue: > >>> '/queue/ > >>> ossec/queue'. Giving up.. > >>> 2017/08/01 18:24:44 ossec-remoted(1210): ERROR: Queue > >>> '/queue/ossec/queue' not a > >>> ccessible: 'Connection refused'. > >>> 2017/08/01 18:24:44 ossec-remoted(1211): ERROR: Unable to access > queue: > >>> '/queue/ > >>> ossec/queue'. Giving up.. > >>> 2017/08/01 18:26:01 ossec-remoted(1210): ERROR: Queue > >>> '/queue/ossec/queue' not a > >>> ccessible: 'Connection refused'. > >>> 2017/08/01 18:26:01 ossec-remoted(1211): ERROR: Unable to access > queue: > >>> '/queue/ > >>> ossec/queue'. Giving up.. > >>> 2017/08/01 18:26:18 ossec-syscheckd(1210): ERROR: Queue > >>> '/var/ossec/queue/ossec/ > >>> queue' not accessible: 'Connection refused'. > >>> 2017/08/01 18:26:18 ossec-rootcheck(1210): ERROR: Queue > >>> '/var/ossec/queue/ossec/ > >>> queue' not accessible: 'Connection refused'. > >>> 2017/08/01 18:26:26 ossec-syscheckd(1210): ERROR: Queue > >>> '/var/ossec/queue/ossec/ > >>> queue' not accessible: 'Connection refused'. > >>> 2017/08/01 18:26:26 ossec-rootcheck(1210): ERROR: Queue > >>> '/var/ossec/queue/ossec/ > >>> queue' not accessible: 'Connection refused'. > >>> 2017/08/01 18:26:39 ossec-syscheckd(1210): ERROR: Queue > >>> '/var/ossec/queue/ossec/ > >>> queue' not accessible: 'Connection refused'. > >>> 2017/08/01 18:26:39 ossec-rootcheck(1211): ERROR: Unable to access > queue: > >>> '/var/ > >>> ossec/queue/ossec/queue'. Giving up.. > >>> 2017/08/01 18:33:07 ossec-remoted(1103): ERROR: Unable to open file > >>> '/queue/rids > >>> /004'. > >>> 2017/08/01 18:33:12 ossec-analysisd(1210): ERROR: Queue > >>> '/queue/alerts/ar' not a > >>> ccessible: 'Connection refused'. > >>> 2017/08/01 18:33:12 ossec-analysisd(1301): ERROR: Unable to connect to > >>> active re > >>> sponse queue. > >>> 2017/08/01 18:34:25 ossec-remoted(1103): ERROR: Unable to open file > >>> '/queue/rids > >>> /004'. > >>> 2017/08/01 18:34:30 ossec-analysisd(1210): ERROR: Queue > >>> '/queue/alerts/ar' not a > >>> ccessible: 'Connection refused'. > >>> 2017/08/01 18:34:30 ossec-analysisd(1301): ERROR: Unable to connect to > >>> active re > >>> sponse queue. > >>> 2017/08/01 18:51:32 ossec-remoted(1103): ERROR: Unable to open file > >>> '/queue/rids > >>> /004'. > >>> 2017/08/01 18:51:38 ossec-analysisd(1210): ERROR: Queue > >>> '/queue/alerts/ar' not a > >>> ccessible: 'Connection refused'. > >>> 2017/08/01 18:51:38 ossec-analysisd(1301): ERROR: Unable to connect to > >>> active re > >>> sponse queue. > >>> 2017/08/01 19:00:54 ossec-remoted(1103): ERROR: Unable to open file > >>> '/queue/rids > >>> /004'. > >>> 2017/08/01 19:00:59 ossec-analysisd(1210): ERROR: Queue > >>> '/queue/alerts/ar' not a > >>> ccessible: 'Connection refused'. > >>> 2017/08/01 19:00:59 ossec-analysisd(1301): ERROR: Unable to connect to > >>> active re > >>> sponse queue. > >>> 2017/08/01 19:04:31 ossec-remoted(1103): ERROR: Unable to open file > >>> '/queue/rids > >>> /999'. > >>> 2017/08/01 19:04:36 ossec-analysisd(1210): ERROR: Queue > >>> '/queue/alerts/ar' not a > >>> ccessible: 'Connection refused'. > >>> 2017/08/01 19:04:36 ossec-analysisd(1301): ERROR: Unable to connect to > >>> active re > >>> sponse queue. > >>> 2017/08/01 19:10:01 ossec-remoted(1403): ERROR: Incorrectly formated > >>> message fro > >>> m '172.27.1.122'. > >>> 2017/08/01 19:10:07 ossec-remoted(1403): ERROR: Incorrectly formated > >>> message fro > >>> m '172.27.1.122'. > >>> 2017/08/01 19:10:11 ossec-remoted(1403): ERROR: Incorrectly formated > >>> message fro > >>> m '172.27.1.122'. > >>> 2017/08/01 19:10:16 ossec-remoted(1403): ERROR: Incorrectly formated > >>> message fro > >>> m '172.27.1.122'. > >>> 2017/08/01 19:10:22 ossec-remoted(1403): ERROR: Incorrectly formated > >>> message fro > >>> m '172.27.1.122'. > >>> 2017/08/01 20:13:06 ossec-remoted(1407): ERROR: Duplicated counter for > >>> 'posmexng > >>> s'. > >>> 2017/08/01 20:13:12 ossec-remoted(1407): ERROR: Duplicated counter for > >>> 'posmexng > >>> s'. > >>> 2017/08/01 20:13:16 ossec-remoted(1407): ERROR: Duplicated counter for > >>> 'posmexng > >>> s'. > >>> 2017/08/01 20:13:21 ossec-remoted(1407): ERROR: Duplicated counter for > >>> 'posmexng > >>> s'. > >>> 2017/08/01 20:13:27 ossec-remoted(1407): ERROR: Duplicated counter for > >>> 'posmexng > >>> s'. > >>> 2017/08/01 21:47:54 ossec-remoted(1403): ERROR: Incorrectly formated > >>> message fro > >>> m '172.27.1.122'. > >>> 2017/08/01 21:48:00 ossec-remoted(1403): ERROR: Incorrectly formated > >>> message fro > >>> m '172.27.1.122'. > >>> 2017/08/01 21:48:04 ossec-remoted(1403): ERROR: Incorrectly formated > >>> message fro > >>> m '172.27.1.122'. > >>> 2017/08/01 21:48:09 ossec-remoted(1403): ERROR: Incorrectly formated > >>> message fro > >>> m '172.27.1.122'. > >>> 2017/08/01 21:48:15 ossec-remoted(1403): ERROR: Incorrectly formated > >>> message fro > >>> m '172.27.1.122'. > >>> 2017/08/01 22:19:11 ossec-remoted(1407): ERROR: Duplicated counter for > >>> 'posmexng > >>> s'. > >>> 2017/08/01 22:19:17 ossec-remoted(1407): ERROR: Duplicated counter for > >>> 'posmexng > >>> s'. > >>> 2017/08/01 22:19:21 ossec-remoted(1407): ERROR: Duplicated counter for > >>> 'posmexng > >>> s'. > >>> 2017/08/01 22:19:26 ossec-remoted(1407): ERROR: Duplicated counter for > >>> 'posmexng > >>> s'. > >>> 2017/08/01 22:19:32 ossec-remoted(1407): ERROR: Duplicated counter for > >>> 'posmexng > >>> s'. > >>> 2017/08/02 00:25:34 ossec-remoted(1407): ERROR: Duplicated counter for > >>> 'posmexng > >>> s'. > >>> 2017/08/02 00:25:40 ossec-remoted(1407): ERROR: Duplicated counter for > >>> 'posmexng > >>> s'. > >>> 2017/08/02 00:25:44 ossec-remoted(1407): ERROR: Duplicated counter for > >>> 'posmexng > >>> s'. > >>> 2017/08/02 00:25:49 ossec-remoted(1407): ERROR: Duplicated counter for > >>> 'posmexng > >>> s'. > >>> 2017/08/02 00:25:55 ossec-remoted(1407): ERROR: Duplicated counter for > >>> 'posmexng > >>> s'. > >>> 2017/08/02 00:26:05 ossec-remoted(1403): ERROR: Incorrectly formated > >>> message fro > >>> m '172.27.1.122'. > >>> 2017/08/02 00:26:11 ossec-remoted(1403): ERROR: Incorrectly formated > >>> message fro > >>> m '172.27.1.122'. > >>> 2017/08/02 00:26:15 ossec-remoted(1403): ERROR: Incorrectly formated > >>> message fro > >>> m '172.27.1.122'. > >>> 2017/08/02 00:26:20 ossec-remoted(1403): ERROR: Incorrectly formated > >>> message fro > >>> m '172.27.1.122'. > >>> 2017/08/02 00:26:26 ossec-remoted(1403): ERROR: Incorrectly formated > >>> message fro > >>> m '172.27.1.122'. > >>> 2017/08/02 02:32:15 ossec-remoted(1407): ERROR: Duplicated counter for > >>> 'posmexng > >>> s'. > >>> 2017/08/02 02:32:21 ossec-remoted(1407): ERROR: Duplicated counter for > >>> 'posmexng > >>> s'. > >>> 2017/08/02 02:32:25 ossec-remoted(1407): ERROR: Duplicated counter for > >>> 'posmexng > >>> s'. > >>> 2017/08/02 02:32:30 ossec-remoted(1407): ERROR: Duplicated counter for > >>> 'posmexng > >>> s'. > >>> 2017/08/02 02:32:36 ossec-remoted(1407): ERROR: Duplicated counter for > >>> 'posmexng > >>> s'. > >>> 2017/08/02 03:04:34 ossec-remoted(1403): ERROR: Incorrectly formated > >>> message fro > >>> m '172.27.1.122'. > >>> 2017/08/02 03:04:40 ossec-remoted(1403): ERROR: Incorrectly formated > >>> message fro > >>> m '172.27.1.122'. > >>> 2017/08/02 03:04:44 ossec-remoted(1403): ERROR: Incorrectly formated > >>> message fro > >>> m '172.27.1.122'. > >>> 2017/08/02 03:04:49 ossec-remoted(1403): ERROR: Incorrectly formated > >>> message fro > >>> m '172.27.1.122'. > >>> 2017/08/02 03:04:55 ossec-remoted(1403): ERROR: Incorrectly formated > >>> message fro > >>> m '172.27.1.122'. > >>> 2017/08/02 04:39:14 ossec-remoted(1407): ERROR: Duplicated counter for > >>> 'posmexng > >>> s'. > >>> 2017/08/02 04:39:20 ossec-remoted(1407): ERROR: Duplicated counter for > >>> 'posmexng > >>> s'. > >>> 2017/08/02 04:39:24 ossec-remoted(1407): ERROR: Duplicated counter for > >>> 'posmexng > >>> s'. > >>> 2017/08/02 04:39:29 ossec-remoted(1407): ERROR: Duplicated counter for > >>> 'posmexng > >>> s'. > >>> 2017/08/02 04:39:35 ossec-remoted(1407): ERROR: Duplicated counter for > >>> 'posmexng > >>> s'. > >>> 2017/08/02 05:43:21 ossec-remoted(1403): ERROR: Incorrectly formated > >>> message fro > >>> m '172.27.1.122'. > >>> 2017/08/02 05:43:27 ossec-remoted(1403): ERROR: Incorrectly formated > >>> message fro > >>> m '172.27.1.122'. > >>> 2017/08/02 05:43:31 ossec-remoted(1403): ERROR: Incorrectly formated > >>> message fro > >>> m '172.27.1.122'. > >>> 2017/08/02 05:43:36 ossec-remoted(1403): ERROR: Incorrectly formated > >>> message fro > >>> m '172.27.1.122'. > >>> 2017/08/02 05:43:42 ossec-remoted(1403): ERROR: Incorrectly formated > >>> message fro > >>> m '172.27.1.122'. > >>> 2017/08/02 06:46:31 ossec-remoted(1407): ERROR: Duplicated counter for > >>> 'posmexng > >>> s'. > >>> 2017/08/02 06:46:37 ossec-remoted(1407): ERROR: Duplicated counter for > >>> 'posmexng > >>> s'. > >>> 2017/08/02 06:46:41 ossec-remoted(1407): ERROR: Duplicated counter for > >>> 'posmexng > >>> s'. > >>> 2017/08/02 06:46:46 ossec-remoted(1407): ERROR: Duplicated counter for > >>> 'posmexng > >>> s'. > >>> 2017/08/02 06:46:52 ossec-remoted(1407): ERROR: Duplicated counter for > >>> 'posmexng > >>> s'. > >>> 2017/08/02 08:22:26 ossec-remoted(1403): ERROR: Incorrectly formated > >>> message fro > >>> m '172.27.1.122'. > >>> 2017/08/02 08:22:32 ossec-remoted(1403): ERROR: Incorrectly formated > >>> message fro > >>> m '172.27.1.122'. > >>> 2017/08/02 08:22:36 ossec-remoted(1403): ERROR: Incorrectly formated > >>> message fro > >>> m '172.27.1.122'. > >>> 2017/08/02 08:22:41 ossec-remoted(1403): ERROR: Incorrectly formated > >>> message fro > >>> m '172.27.1.122'. > >>> 2017/08/02 08:22:47 ossec-remoted(1403): ERROR: Incorrectly formated > >>> message fro > >>> m '172.27.1.122'. > >>> 2017/08/02 08:54:06 ossec-remoted(1407): ERROR: Duplicated counter for > >>> 'posmexng > >>> s'. > >>> 2017/08/02 08:54:12 ossec-remoted(1407): ERROR: Duplicated counter for > >>> 'posmexng > >>> s'. > >>> 2017/08/02 08:54:16 ossec-remoted(1407): ERROR: Duplicated counter for > >>> 'posmexng > >>> s'. > >>> 2017/08/02 08:54:21 ossec-remoted(1407): ERROR: Duplicated counter for > >>> 'posmexng > >>> s'. > >>> 2017/08/02 08:54:27 ossec-remoted(1407): ERROR: Duplicated counter for > >>> 'posmexng > >>> s'. > >>> 2017/08/02 11:01:49 ossec-remoted(1403): ERROR: Incorrectly formated > >>> message fro > >> > >> -- > >> > >> --- > >> You received this message because you are subscribed to the Google > Groups > >> "ossec-list" group. > >> To unsubscribe from this group and stop receiving emails from it, send > an > >> email to [email protected]. > >> For more options, visit https://groups.google.com/d/optout. > > > > -- > > > > --- > > You received this message because you are subscribed to the Google > Groups > > "ossec-list" group. > > To unsubscribe from this group and stop receiving emails from it, send > an > > email to [email protected] <javascript:>. > > For more options, visit https://groups.google.com/d/optout. > -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
