I'm trying to configure a new OSSEC installation on Centos 5.8 64bit using a previous 2.3 installation as a guide. As far as I can tell I've gotten it all configured the same, but all of the list_agents command (-a, -n, -c) show "No agent available".
I can see the following in the agent logs, which seem to show it communicating with the server : 2012/08/21 12:00:58 ossec-agentd(4102): INFO: Connected to the server (x.x.x.x:1514). 2012/08/21 12:00:58 ossec-agentd: INFO: Server responded. Releasing lock. Additionally, when I shut down the processes on the server side I can see the client responding and I have run tcpdump on the server side and verified communications coming in from the agent on port 1514, so it seems that the path is okay. When I look at the server logs (running with debug enabled) I see the following: 2012/08/21 12:00:41 ossec-monitord: WARN: Process locked. Waiting for permission... 2012/08/21 12:00:51 ossec-syscheckd: Setting SCHED_BATCH returned: 0 2012/08/21 12:00:58 ossec-remoted: WARN: Process locked. Waiting for permission... 2012/08/21 12:02:31 ossec-syscheckd: INFO: Starting syscheck scan (forwarding database). 2012/08/21 12:02:31 ossec-syscheckd: WARN: Process locked. Waiting for permission... 2012/08/21 12:02:46 ossec-logcollector: WARN: Process locked. Waiting for permission. Doesn't matter how many times I stop/start the services they always seem to stop with this (error message?). My first question is whether the above ouput "Waiting for permission" is actually a problem, or just normal. It seems to hang there indefinitely without additional logs, so I suspect it is an issue. I've cleared the queue/rids directory multiple times, deleted the agent multiple times and I'm not sure what else to do short of digging through the source. Any assistance would be appreciated.
