The problem may be due to the connection being lost, so after 5 failed reconnection attempts the agent tries to register again.
This can be avoided by modifying the enrrollment block of the agent's
/var/ossec/etc/ossec.conf file with the agent name you need it to have:
agent-enrollment documentationagent-name referenceExample
<client>
<enrollment>
<agent_name>EXAMPLE_NAME</agent_name>
<groups>GROUP1,GROUP2,GROUP3</groups>
</enrollment>
</client>If you want to register them again with the previous names, you can configure the force block of the manager's
/var/ossec/etc/ossec.conf file:
force referenceExample:
<force>
<enabled>yes</enabled>
<disconnected_time enabled="yes">1h</disconnected_time>
<after_registration_time>1h</after_registration_time>
<key_mismatch>yes</key_mismatch>
</force>I hope this solves your need. Let me know if you need anything else!
Best Regards!