Hi,
I’ve been running OSSEC for a couple of years now without any significant issues. The server monitors around 200 servers that is a mix of Windows and Unix servers. Recently, OSSEC is alerting me that most, if not all, agents are repeatedly disconnecting and reconnecting. There is no pattern that I’ve been able to notice. The disconnects span anywhere from 2 hours to 7 hours. I suspect there is an issue with OSSEC server. Has anyone encountered this and have suggestions on what I should do? If there’s logs on the server that I can check, please direct me to where those are and what I should look for in the logs.
Regards,
Tyler Doman, CISSP, CHP
Account Security Officer
Enterprise Security Services
Hewlett Packard
+1 541.360.4028/ Office
+1 503.383.8411/ Mobile
4070 27th CT SE, Suite 100, Salem, OR 97302