I've got a half-dozen RHEL5.3 systems running OSSEC just fine. And two RHEL5.3 systems that never will start up at all.
There's no OSSEC processes running: [r...@yamaguchi ~]# ps -ef|grep ossec root 19348 32346 0 17:55 pts/0 00:00:00 grep ossec and nothing in the locks directory: [r...@yamaguchi ~]# ls -la /var/ossec/var/run/ total 16 drwxrwx--- 2 root ossec 4096 Mar 14 17:53 . dr-xr-x--- 3 root ossec 4096 Mar 14 17:53 .. but while the other systems start up and check in right away, these two seem to hang forever: [r...@yamaguchi ~]# /etc/init.d/ossec start Starting OSSEC: [ OK ] [r...@yamaguchi ~]# watch tail /var/log/ossec.log 009/03/14 17:57:03 ossec-execd: INFO: Started (pid: 19451). 2009/03/14 17:57:07 ossec-syscheckd: INFO: Started (pid: 19463). 2009/03/14 17:57:07 ossec-rootcheck: INFO: Started (pid: 19463). 2009/03/14 17:57:09 ossec-logcollector(1950): INFO: Analyzing file: '/var/log/me ssages'. 2009/03/14 17:57:09 ossec-logcollector(1950): INFO: Analyzing file: '/var/log/au th.log'. 2009/03/14 17:57:09 ossec-logcollector(1950): INFO: Analyzing file: '/var/log/sn ort/alert'. 2009/03/14 17:57:09 ossec-logcollector: INFO: Started (pid: 19459). 2009/03/14 17:57:23 ossec-logcollector: WARN: Process locked. Waiting for permis sion... 2009/03/14 18:05:46 ossec-syscheckd: INFO: Starting syscheck scan (db). 2009/03/14 18:05:46 ossec-syscheckd: WARN: Process locked. Waiting for permissio n... Two hours later, it's still sitting there waiting for permission. Pointers in the right direction greatly appreciated... -- Tim Boyer Chief Technology Officer Denman Tire Corporation [email protected]
