• Support
  • Forums
  • Blogs

All HIDS agents disconnected


New Life Form
I see today that all HIDS agents are disconnected. I tried to uninstall and install but still same thing (installation is succesful)
When I open the agent I can't start it it gives me an error"Unable to start agent (check config)
When trying to restart agent from ossim I get "[ossec_get_available_agents] Error: Unable to connect to remoted."
Does someone have any idea what went wrong and hoe to fix this?

Share post:

Best Answer

  • Answer ✓
    Hello @doronsahar,

    (( from https://www.alienvault.com/forums/discussion/comment/24789/#Comment_24789 )) 

       With the latest OSSEC development, the OSSEC team has pushed out an IPv6 configuration; this configuration was included with our 5.5 release. Our Engineering team is aware of the modification and will have this corrected with the next firmware release. However, in the meantime, you can apply a workaround :: 

    # mv /etc/sysctl.d /etc/sysctl.d_bak

    # /etc/init.d/ossec stop ; /etc/init.d/ossec start ; alienvault-reconfig 

       You can then check the status of #ossec-remoted  ::

    # ps afux | grep ossec-remoted


    # netstat -tulpen | grep 1514

        If you still do not see #OSSEC-remoted is failing to start, ((and you have successfully moved the sysctl.d file)), please try a #reboot of your Appliance. 


    - kratos


  • Hi there,

    This happened to me as well, validate all OSSEC processes are running fine with "ps" (google can give you a list of them).
    Try to restart the services associated with OSSEC </etc/init.d/ossec restart> ....
    In my case, ossec-remoted was stuck and was not restarting. So... "kill -9 ossec-remoted" and then:
    "etc/init.d/ossec stop " => "/etc/init.d/ossec start" wait a few minutes and check "/var/ossec/bin/list_agents -
  • Ho, also check the logs /var/ossec/logs/ossec.log
Sign In or Register to comment.