On Tue, Jul 10, 2012 at 7:03 AM, william allen <[email protected]> wrote: > Sorry I didn't provide sooner. Below is my ossec.log file. Let me know if > there are any other files or logs that would help. > > 1012/07/10 06:02:04 ossec-execd: INFO: Started (pid: 30728). > 1012/07/10 06:02:04 ossec-agentd (1410): INFO: Reading authentication keys > file. > 1012/07/10 06:02:04 ossec-agentd: INFO: Started (pid: 30732). > 1012/07/10 06:02:04 ossec-agentd: INFO: Server IP Address: xxx.xxx.xxx.xxx > 1012/07/10 06:02:04 ossec-agentd: INFO: Trying to connect to server > (xxx.xxx.xxx.xxx:1514). > 1012/07/10 06:02:08 ossec-syscheckd: INFO: Started (pid: 30740). > 1012/07/10 06:02:08 ossec-rootcheck: INFO: Started (pid: 30740). > 1012/07/10 06:02:08 ossec-syscheckd: INFO: Monitoring directory: '/etc'. > 1012/07/10 06:02:08 ossec-syscheckd: INFO: Monitoring directory: '/usr/bin'. > 1012/07/10 06:02:08 ossec-syscheckd: INFO: Monitoring directory: > '/usr/sbin'. > 1012/07/10 06:02:08 ossec-syscheckd: INFO: Monitoring directory: '/bin'. > 1012/07/10 06:02:08 ossec-syscheckd: INFO: Monitoring directory: '/sbin'. > 1012/07/10 06:02:08 ossec-syscheckd: INFO: Monitoring directory: > '/opt/splunkforwarder/etc'. > 1012/07/10 06:02:08 ossec-syscheckd: INFO: Monitoring directory: > '/opt/ossec/etc'. > 1012/07/10 06:02:08 ossec-syscheckd: INFO: Monitoring directory: > '/usr/local/Nagios/etc'. > 1012/07/10 06:02:08 ossec-syscheckd: INFO: Directory set for real time > monitoring: '/etc'. > 1012/07/10 06:02:08 ossec-syscheckd: INFO: Directory set for real time > monitoring: '/usr/bin'. > 1012/07/10 06:02:08 ossec-syscheckd: INFO: Directory set for real time > monitoring: '/usr/sbin'. > 1012/07/10 06:02:08 ossec-syscheckd: INFO: Directory set for real time > monitoring: '/bin'. > 1012/07/10 06:02:08 ossec-syscheckd: INFO: Directory set for real time > monitoring: '/sbin'. > 1012/07/10 06:02:08 ossec-syscheckd: INFO: Directory set for real time > monitoring: '/opt/splunkforwarder/etc'. > 1012/07/10 06:02:08 ossec-syscheckd: INFO: Directory set for real time > monitoring: '/opt/ossec/etc'. > 1012/07/10 06:02:08 ossec-syscheckd: INFO: Directory set for real time > monitoring: '/usr/local/Nagios/etc'. > 1012/07/10 06:02:10 ossec-logcollector(1950): INFO: Analyzing file: > '/var/log/messages'. > 1012/07/10 06:02:10 ossec-logcollector(1950): INFO: Analyzing file: > '/var/log/secure'. > 1012/07/10 06:02:10 ossec-logcollector(1950): INFO: Analyzing file: > '/var/log/maillog'. > 1012/07/10 06:02:10 ossec-logcollector(1950): INFO: Started (pid: 30736). > 1012/07/10 06:02:25 ossec-agentd(4101): WARN: Waiting for server reply (not > started). Tried: 'xxx.xxx.xxx.xxx:1514'. > 1012/07/10 06:02:27 ossec-agentd: INFO: Trying to connect to server > (xxx.xxx.xxx.xxx:1514). > 1012/07/10 06:02:42 ossec-logcollector: WARN: Process locked. Waiting for > permission... > 1012/07/10 06:02:48 ossec-logcollector: WARN: Waiting for server reply (not > started). Tried: 'xxx.xxx.xxx.xxx:1514'. > 1012/07/10 06:03:08 ossec-agentd: INFO: Trying to connect to server > (xxx.xxx.xxx.xxx:1514). > 1012/07/10 06:03:10 ossec-syscheckd: INFO: Starting syscheck scan > (forwarding database). > 1012/07/10 06:03:10 ossec-syscheckd: WARN: Process locked. Waiting on > permission... > 1012/07/10 06:03:29 ossec-agentd(4101): WARN: Waiting for server reply (not > started). Tried: 'xxx.xxx.xxx.xxx:1514'. > 1012/07/10 06:04:07 ossec-agentd: INFO: Trying to connect to server > (xxx.xxx.xxx.xxx:1514). > 1012/07/10 06:04:28 ossec-agentd(4101): WARN: Waiting for server reply (not > started). Tried: 'xxx.xxx.xxx.xxx:1514'. > 1012/07/10 06:05:24 ossec-agentd: INFO: Trying to connect to server > (xxx.xxx.xxx.xxx:1514). > 1012/07/10 06:05:25 ossec-agentd(4102): INFO: Connected to the server > (xxx.xxx.xxx.xxx:1514). > 1012/07/10 06:05:25 ossec-syscheckd: INFO: Lock free. Continuing... > 1012/07/10 06:05:25 ossec-syscheckd: INFO: Starting syscheck database > (pre-scan). > 1012/07/10 06:05:25 ossec-syscheckd: INFO: Initializing real time file > monitoring (not started). > 1012/07/10 06:05:27 ossec-logcollector: INFO: Lock free. Continuing... > 1012/07/10 06:06:04 ossec-logcollector(1225): INFO: SIGNAL Received. Exit > Cleaning... > 1012/07/10 06:06:04 ossec-syscheckd(1225): INFO: SIGNAL Received. Exit > Cleaning... > 1012/07/10 06:06:04 ossec-agentd(1225): INFO: SIGNAL Received. Exit > Cleaning... > 1012/07/10 06:06:04 ossec-execd(1314): INFO: Shutdown received. Deleting > responses. > 1012/07/10 06:06:04 ossec-execd(1225): INFO: SIGNAL Received. Exit > Cleaning... > > Scott Allen > The Van Dyke Technology Group > [email protected] > (703) 477-0128 (C) > (571) 480-7910 (W) > > >
http://devio.us/~ddp/ossec/docs/faq/unexpected.html#the-communication-between-my-agent-and-the-server-is-not-working-what-to-do
