OSSEC is an Open Source Host-based Intrusion Detection System that performs log analysis, file integrity checking, policy monitoring, rootkit detection, real-time alerting and active response.
Currently, I use ossec-authd to register a new agent and manage_agents to remove a agent . I face to an issue that the agent ID keep growing up( even some agent have been removed from ossec server) and some days it will reach to the limit (ID=MAX_AGENTS + AUTHD_FIRST_ID) I can't register new agent anymore.
https://github.com/ossec/ossec-hids/blob/master/src/addagent/validate.c#L49
I have increased MAX_AGENTS and recompiled it. But it is just a workaround and in the future i will see that issue again.
Can we have any better solution to reuse ID or any workaround for it?
Currently, I use ossec-authd to register a new agent and manage_agents to remove a agent . I face to an issue that the agent ID keep growing up( even some agent have been removed from ossec server) and some days it will reach to the limit (ID=MAX_AGENTS + AUTHD_FIRST_ID) I can't register new agent anymore. https://github.com/ossec/ossec-hids/blob/master/src/addagent/validate.c#L49
I have increased MAX_AGENTS and recompiled it. But it is just a workaround and in the future i will see that issue again.
Can we have any better solution to reuse ID or any workaround for it?
Thanks. King