At around midnight on Jan 1st, 2010, all my OSSEC Windows hosts began to exhibit this in the logs:

2009/12/31 10:10:50 ossec-agent: INFO: Event count after '20000': 8163605->5125824 (62%)
2009/12/31 23:24:14 ossec-agent(1214): WARN: Problem receiving message from 10.2.2.6.
2010/01/01 00:39:56 ossec-agent(1214): WARN: Problem receiving message from 10.2.2.6.
2010/01/01 01:33:15 ossec-agent: INFO: Starting syscheck scan.
2010/01/01 01:44:28 ossec-agent: INFO: Ending syscheck scan.
2010/01/01 05:26:22 ossec-agent: WARN: Server unavailable. Setting lock.
2010/01/01 05:29:53 ossec-agent: INFO: Trying to connect to server (10.2.2.6:1514).
2010/01/01 05:30:25 ossec-agent: INFO: Trying to connect to server (10.2.2.6:1514).
2010/01/01 05:31:08 ossec-agent: INFO: Trying to connect to server (10.2.2.6:1514).
2010/01/01 05:32:02 ossec-agent: INFO: Trying to connect to server (10.2.2.6:1514).
2010/01/01 05:33:07 ossec-agent: INFO: Trying to connect to server (10.2.2.6:1514).

etc... (same trying to connect to server error every 19-20 minutes until...)

2010/01/02 01:29:13 ossec-agent: INFO: Trying to connect to server (10.2.2.6:1514).
2010/01/02 01:34:28 ossec-agent: INFO: Starting syscheck scan.
2010/01/02 01:36:08 ossec-agent: Error waiting mutex (timeout).
2010/01/02 01:37:53 ossec-agent: Error waiting mutex (timeout).
2010/01/02 01:39:38 ossec-agent: Error waiting mutex (timeout).
2010/01/02 01:41:23 ossec-agent: Error waiting mutex (timeout).
2010/01/02 01:43:08 ossec-agent: Error waiting mutex (timeout).
2010/01/02 01:44:53 ossec-agent: Error waiting mutex (timeout).
2010/01/02 01:46:38 ossec-agent: Error waiting mutex (timeout).
2010/01/02 01:48:23 ossec-agent: Error waiting mutex (timeout).
2010/01/02 01:50:08 ossec-agent: Error waiting mutex (timeout).
2010/01/02 01:50:17 ossec-agent: INFO: Trying to connect to server (10.2.2.6:1514).

And on and on. I've restarted the server and restarted the agents, to no avail. Some are now reporting duplicate counter errors, and deleting the rids files is not fixing them this time around. The server is 2.3 and most agents are 2.2 Windows only.
