Try removing the OSSEC WAIT FILE: /var/ossec/queue/ossec/.wait
On Thursday, August 23, 2012 9:25:46 AM UTC-7, Tony Trummer wrote: > > > I'm trying to configure a new OSSEC installation on Centos 5.8 64bit using > a previous 2.3 installation as a guide. As far as I can tell I've gotten it > all configured the same, but all of the list_agents command (-a, -n, -c) > show "No agent available". > > I can see the following in the agent logs, which seem to show it > communicating with the server : > 2012/08/21 12:00:58 ossec-agentd(4102): INFO: Connected to the server > (x.x.x.x:1514). > 2012/08/21 12:00:58 ossec-agentd: INFO: Server responded. Releasing lock. > > Additionally, when I shut down the processes on the server side I can see > the client responding and I have run tcpdump on the server side and > verified communications coming in from the agent on port 1514, so it seems > that the path is okay. > > When I look at the server logs (running with debug enabled) I see the > following: > 2012/08/21 12:00:41 ossec-monitord: WARN: Process locked. Waiting for > permission... > 2012/08/21 12:00:51 ossec-syscheckd: Setting SCHED_BATCH returned: 0 > 2012/08/21 12:00:58 ossec-remoted: WARN: Process locked. Waiting for > permission... > 2012/08/21 12:02:31 ossec-syscheckd: INFO: Starting syscheck scan > (forwarding database). > 2012/08/21 12:02:31 ossec-syscheckd: WARN: Process locked. Waiting for > permission... > 2012/08/21 12:02:46 ossec-logcollector: WARN: Process locked. Waiting for > permission. > > Doesn't matter how many times I stop/start the services they always seem > to stop with this (error message?). My first question is whether the above > ouput "Waiting for permission" is actually a problem, or just normal. It > seems to hang there indefinitely without additional logs, so I suspect it > is an issue. > > I've cleared the queue/rids directory multiple times, deleted the agent > multiple times and I'm not sure what else to do short of digging through > the source. > > > Any assistance would be appreciated. > >
