@Mark C Sometime it gets stuck , especially if you are using agent.conf . (At least in my case, don't know why this happens)
Have you tried restarting ossec-control server ? Also review your confs . On Nov 30, 7:40 pm, Mark C <[email protected]> wrote: > How were you able to fix this? I'm getting the same errors on one of my > servers. It's not a firewall issue since I have another server on the same > subnet that works... 2011/11/16 19:10:43 ossec-agent: INFO: Started (pid: > 3032). > 2011/11/16 19:10:53 ossec-agent: WARN: Process locked. Waiting for > permission... > 2011/11/16 19:11:03 ossec-agent(4101): WARN: Waiting for server reply (not > started). Tried: '10.128.239.19'. > 2011/11/16 19:11:05 ossec-agent: INFO: Trying to connect to server > (10.128.239.19:1514). > 2011/11/16 19:11:05 ossec-agent: INFO: Using IPv4 for: 10.128.239.19 . > 2011/11/16 19:11:26 ossec-agent(4101): WARN: Waiting for server reply (not > started). Tried: '10.128.239.19'. > 2011/11/16 19:11:46 ossec-agent: INFO: Trying to connect to server > (10.128.239.19:1514). > 2011/11/16 19:11:46 ossec-agent: INFO: Using IPv4 for: 10.128.239.19 . > 2011/11/16 19:12:07 ossec-agent(4101): WARN: Waiting for server reply (not > started). Tried: '10.128.239.19'. > 2011/11/16 19:12:45 ossec-agent: INFO: Trying to connect to server > (10.128.239.19:1514). > 2011/11/16 19:12:45 ossec-agent: INFO: Using IPv4 for: 10.128.239.19 . > 2011/11/16 19:13:06 ossec-agent(4101): WARN: Waiting for server reply (not > started). Tried: '10.128.239.19'. What does this line mean? 2011/11/16 > 19:10:53 ossec-agent: WARN: Process locked. Waiting for permission... > Thanks,-Mark > Date: Sun, 20 Nov 2011 21:30:55 -0500 > > > > > > > > > Subject: Re: [ossec-list] OSSEC Agent is not connecting > > From: [email protected] > > To: [email protected] > > > For the archives/documentation, how did you fix it? > > > On Sun, Nov 20, 2011 at 1:53 PM, Joe Arimboor <[email protected]> > > wrote: > > > i figured out .. its working fine .. thanks > > > > On Fri, Nov 18, 2011 at 12:24 AM, dan (ddp) <[email protected]> wrote: > > > >> On Sun, Nov 13, 2011 at 9:11 AM, Joe <[email protected]> wrote: > > >> > Hi , I am getting the following err msg when an agent try to connect > > >> > to Server (no Firewall in between) > > > >> Are you sure the packets are getting to the manager? > > >> Does the manager respond? > > >> Does the manager log anything useful? > > >> Is this agent using a unique key? > > > >> > ========== > > >> > summary logs > > >> > --------------------- > > > >> > 2011/11/13 18:05:03 ossec-agent: INFO: Started (pid: 2800). > > > >> > 2011/11/13 18:05:13 ossec-agent: WARN: Process locked. Waiting for > > >> > permission... > > > >> > 2011/11/13 18:05:24 ossec-agent(4101): WARN: Waiting for server reply > > >> > (not started). Tried: '10.10.134.241'. > > > >> > 2011/11/13 18:05:26 ossec-agent: INFO: Trying to connect to server > > >> > (10.10.134.241:1514). > > > >> > 2011/11/13 18:05:26 ossec-agent: INFO: Using IPv4 for: 10.10.134.241 . > > > >> > 2011/11/13 18:05:47 ossec-agent(4101): WARN: Waiting for server reply > > >> > (not started). Tried: '10.10.134.241'. > > > >> > 2011/11/13 18:06:07 ossec-agent: INFO: Trying to connect to server > > >> > (10.10.134.241:1514). > > > >> > 2011/11/13 18:06:07 ossec-agent: INFO: Using IPv4 for: 10.10.134.241 . > > > >> > 2011/11/13 18:06:28 ossec-agent(4101): WARN: Waiting for server reply > > >> > (not started). Tried: '10.10.134.241'. > > > >> > 2011/11/13 18:07:06 ossec-agent: INFO: Trying to connect to server > > >> > (10.10.134.241:1514). > > > >> > 2011/11/13 18:07:06 ossec-agent: INFO: Using IPv4 for: 10.10.134.241 . > > > >> > 2011/11/13 18:07:27 ossec-agent(4101): WARN: Waiting for server reply > > >> > (not started). Tried: '10.10.134.241'. > > > >> > 2011/11/13 18:08:23 ossec-agent: INFO: Trying to connect to server > > >> > (10.10.134.241:1514). > > > >> > 2011/11/13 18:08:23 ossec-agent: INFO: Using IPv4 for: 10.10.134.241 . > > > >> > 2011/11/13 18:08:44 ossec-agent(4101): WARN: Waiting for server reply > > >> > (not started). Tried: '10.10.134.241'. > > > >> > ========================= > > > >> > complete logs > > >> > ----------------------- > > > >> > 2011/11/13 18:05:03 ossec-execd(1350): INFO: Active response disabled. > > >> > Exiting. > > > >> > 2011/11/13 18:05:03 ossec-agent(1410): INFO: Reading authentication > > >> > keys file. > > > >> > 2011/11/13 18:05:03 ossec-agent: INFO: No previous counter available > > >> > for 'AV_server'. > > > >> > 2011/11/13 18:05:03 ossec-agent: INFO: Assigning counter for agent > > >> > AV_server: '0:0'. > > > >> > 2011/11/13 18:05:03 ossec-agent: INFO: Assigning sender counter: 0:30 > > > >> > 2011/11/13 18:05:03 ossec-agent: INFO: Trying to connect to server > > >> > (10.10.134.241:1514). > > > >> > 2011/11/13 18:05:03 ossec-agent: INFO: Using IPv4 for: 10.10.134.241 . > > > >> > 2011/11/13 18:05:03 ossec-agent: Starting syscheckd thread. > > > >> > 2011/11/13 18:05:03 ossec-rootcheck: INFO: Started (pid: 2800). > > > >> > 2011/11/13 18:05:03 ossec-agent: INFO: Monitoring registry entry: > > >> > 'HKEY_LOCAL_MACHINE\Software\Classes\batfile'. > > > >> > 2011/11/13 18:05:03 ossec-agent: INFO: Monitoring registry entry: > > >> > 'HKEY_LOCAL_MACHINE\Software\Classes\cmdfile'. > > > >> > 2011/11/13 18:05:03 ossec-agent: INFO: Monitoring registry entry: > > >> > 'HKEY_LOCAL_MACHINE\Software\Classes\comfile'. > > > >> > 2011/11/13 18:05:03 ossec-agent: INFO: Monitoring registry entry: > > >> > 'HKEY_LOCAL_MACHINE\Software\Classes\exefile'. > > > >> > 2011/11/13 18:05:03 ossec-agent: INFO: Monitoring registry entry: > > >> > 'HKEY_LOCAL_MACHINE\Software\Classes\piffile'. > > > >> > 2011/11/13 18:05:03 ossec-agent: INFO: Monitoring registry entry: > > >> > 'HKEY_LOCAL_MACHINE\Software\Classes\AllFilesystemObjects'. > > > >> > 2011/11/13 18:05:03 ossec-agent: INFO: Monitoring registry entry: > > >> > 'HKEY_LOCAL_MACHINE\Software\Classes\Directory'. > > > >> > 2011/11/13 18:05:03 ossec-agent: INFO: Monitoring registry entry: > > >> > 'HKEY_LOCAL_MACHINE\Software\Classes\Folder'. > > > >> > 2011/11/13 18:05:03 ossec-agent: INFO: Monitoring registry entry: > > >> > 'HKEY_LOCAL_MACHINE\Software\Classes\Protocols'. > > > >> > 2011/11/13 18:05:03 ossec-agent: INFO: Monitoring registry entry: > > >> > 'HKEY_LOCAL_MACHINE\Software\Policies'. > > > >> > 2011/11/13 18:05:03 ossec-agent: INFO: Monitoring registry entry: > > >> > 'HKEY_LOCAL_MACHINE\Security'. > > > >> > 2011/11/13 18:05:03 ossec-agent: INFO: Monitoring registry entry: > > >> > 'HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer'. > > > >> > 2011/11/13 18:05:03 ossec-agent: INFO: Monitoring registry entry: > > >> > 'HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services'. > > > >> > 2011/11/13 18:05:03 ossec-agent: INFO: Monitoring registry entry: > > >> > 'HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager > > >> > \KnownDLLs'. > > > >> > 2011/11/13 18:05:03 ossec-agent: INFO: Monitoring registry entry: > > >> > 'HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SecurePipeServers > > >> > \winreg'. > > > >> > 2011/11/13 18:05:03 ossec-agent: INFO: Monitoring registry entry: > > >> > 'HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run'. > > > >> > 2011/11/13 18:05:03 ossec-agent: INFO: Monitoring registry entry: > > >> > 'HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion > > >> > \RunOnce'. > > > >> > 2011/11/13 18:05:03 ossec-agent: INFO: Monitoring registry entry: > > >> > 'HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion > > >> > \RunOnceEx'. > > > >> > 2011/11/13 18:05:03 ossec-agent: INFO: Monitoring registry entry: > > >> > 'HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\URL'. > > > >> > 2011/11/13 18:05:03 ossec-agent: INFO: Monitoring registry entry: > > >> > 'HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion > > >> > \Policies'. > > > >> > 2011/11/13 18:05:03 ossec-agent: INFO: Monitoring registry entry: > > >> > 'HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion > > >> > \Windows'. > > > >> > 2011/11/13 18:05:03 ossec-agent: INFO: Monitoring registry entry: > > >> > 'HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion > > >> > \Winlogon'. > > > >> > 2011/11/13 18:05:03 ossec-agent: INFO: Monitoring registry entry: > > >> > 'HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed > > >> > Components'. > > > >> > 2011/11/13 18:05:03 ossec-agent: INFO: Monitoring directory: 'C: > > >> > \WINDOWS/win.ini'. > > > >> > 2011/11/13 18:05:03 ossec-agent: INFO: Monitoring directory: 'C: > > >> > \WINDOWS/system.ini'. > > > >> > 2011/11/13 18:05:03 ossec-agent: INFO: Monitoring directory: 'C: > > >> > \autoexec.bat'. > > > >> > 2011/11/13 18:05:03 ossec-agent: INFO: Monitoring directory: 'C: > > >> > \config.sys'. > > > >> > 2011/11/13 18:05:03 ossec-agent: INFO: Monitoring directory: 'C: > > >> > \boot.ini'. > > > >> > 2011/11/13 18:05:03 ossec-agent: INFO: Monitoring directory: 'C: > > >> > \WINDOWS/System32/CONFIG.NT'. > > > >> > 2011/11/13 18:05:03 ossec-agent: INFO: Monitoring directory: 'C: > > >> > \WINDOWS/System32/AUTOEXEC.NT'. > > > >> > 2011/11/13 18:05:03 ossec-agent: INFO: Monitoring directory: 'C: > > >> > \WINDOWS/System32/at.exe'. > > > >> > 2011/11/13 18:05:03 ossec-agent: INFO: Monitoring directory: 'C: > > >> > \WINDOWS/System32/attrib.exe'. > > > >> > 2011/11/13 18:05:03 ossec-agent: INFO: Monitoring directory: 'C: > > >> > \WINDOWS/System32/cacls.exe'. > > > >> > 2011/11/13 18:05:03 ossec-agent: INFO: Monitoring directory: 'C: > > >> > \WINDOWS/System32/debug.exe'. > > > >> > 2011/11/13 18:05:03 ossec-agent: INFO: Monitoring directory: 'C: > > >> > \WINDOWS/System32/drwatson.exe'. > > > >> > 2011/11/13 18:05:03 ossec-agent: INFO: Monitoring directory: 'C: > > >> > \WINDOWS/System32/drwtsn32.exe'. > > > >> > 2011/11/13 18:05:03 ossec-agent: INFO: Monitoring directory: 'C: > > >> > \WINDOWS/System32/edlin.exe'. > > > >> > 2011/11/13 18:05:03 ossec-agent: INFO: Monitoring directory: 'C: > > >> > \WINDOWS/System32/eventcreate.exe'. > > > >> > 2011/11/13 18:05:03 ossec-agent: INFO: Monitoring directory: 'C: > > ... > > read more »
