List: ossec-list
Subject: Re: [ossec-list] OSSEC 2.3: All agents disconnected
From: "--[ UxBoD ]--" <uxbod () splatnix ! net>
Date: 2009-12-24 11:31:29
Message-ID: 21672815.425.1261654289486.JavaMail.root () office ! splatnix ! net
----- "--[ UxBoD ]--" <uxbod@splatnix.net> wrote:
> ----- "--[ UxBoD ]--" <uxbod@splatnix.net> wrote:
>
> > ----- "Michael Starks" <ossec-list@michaelstarks.com> wrote:
> >
> > > > Well it appears to not be port scanning which brings down the
> > > > connections :(
> > > >
> > > > All agents disconnected again today at exactly the same time as
> > > > yesterday. I have checked the crontabs on the server and nothing
> > > > appears to be running at that time.
> > > >
> > > > I started all daemons up with -d -d but no debugging information,
> > > > regarding the disconnections, appeared in the log.
> > > >
> > > > How can I enable further debugging to ascertain why this is
> > > > happening please ????
> > >
> > > If it happened at the same time, maybe it has something to do with a
> > > syscheck or rootcheck scan.
> >
> > Perhaps; though why would it not be picked up in the debugging ?
> >
> > Best Regards,
>
> Well it happened again this morning, at exactly the same time, though
> this time I had tcpdump running. It would appear at the time they all
> disconnected a Windows 2K3 server from port 1275 connected to the OSSEC
> manager. At that point all the agents disconnected.
>
> Thoughts ?
The problem has been resolved :) it was due to the vserver hashify functionality ..
Have added /usr/local/ossec to the exclude file and all agents stay connected now.
Very confused as to why that happens though as no other vservers have ossec
installed.
Thanks,