JB, That appears to have fixed the issue. Thanks a ton!

On Friday, August 24, 2012 5:52:03 PM UTC-7, JB wrote:
>
> Try removing the OSSEC WAIT FILE: /var/ossec/queue/ossec/.wait
>
> On Thursday, August 23, 2012 9:25:46 AM UTC-7, Tony Trummer wrote:
>>
>> I'm trying to configure a new OSSEC installation on CentOS 5.8 64bit
>> using a previous 2.3 installation as a guide. As far as I can tell I've
>> gotten it all configured the same, but all of the list_agents commands
>> (-a, -n, -c) show "No agent available".
>>
>> I can see the following in the agent logs, which seem to show it
>> communicating with the server:
>>
>> 2012/08/21 12:00:58 ossec-agentd(4102): INFO: Connected to the server (x.x.x.x:1514).
>> 2012/08/21 12:00:58 ossec-agentd: INFO: Server responded. Releasing lock.
>>
>> Additionally, when I shut down the processes on the server side I can see
>> the client responding and I have run tcpdump on the server side and
>> verified communications coming in from the agent on port 1514, so it seems
>> that the path is okay.
>>
>> When I look at the server logs (running with debug enabled) I see the
>> following:
>>
>> 2012/08/21 12:00:41 ossec-monitord: WARN: Process locked. Waiting for permission...
>> 2012/08/21 12:00:51 ossec-syscheckd: Setting SCHED_BATCH returned: 0
>> 2012/08/21 12:00:58 ossec-remoted: WARN: Process locked. Waiting for permission...
>> 2012/08/21 12:02:31 ossec-syscheckd: INFO: Starting syscheck scan (forwarding database).
>> 2012/08/21 12:02:31 ossec-syscheckd: WARN: Process locked. Waiting for permission...
>> 2012/08/21 12:02:46 ossec-logcollector: WARN: Process locked. Waiting for permission.
>>
>> Doesn't matter how many times I stop/start the services they always seem
>> to stop with this (error message?). My first question is whether the above
>> output "Waiting for permission" is actually a problem, or just normal. It
>> seems to hang there indefinitely without additional logs, so I suspect it
>> is an issue.
>>
>> I've cleared the queue/rids directory multiple times, deleted the agent
>> multiple times and I'm not sure what else to do short of digging through
>> the source.
>>
>> Any assistance would be appreciated.
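
A way to check for the condition discussed in this thread, as an added example that is not part of the original messages or of OSSEC itself: it looks for a leftover wait file at the path JB names and lists the daemons that logged the "Process locked" warning. The log location (`logs/ossec.log` under the install directory), the 10-minute threshold and the function names are assumptions.

```shell
#!/bin/sh
# Added example: report a leftover OSSEC wait file and the daemons blocked on it.
# Assumptions: install dir /var/ossec, log at logs/ossec.log, 10-minute threshold.

# Print "daemon count" for every daemon that logged the "Process locked" warning.
locked_daemons() {
    # $1 = path to ossec.log
    awk '/WARN: Process locked\. Waiting for permission/ {
             name = $3
             sub(/(\([0-9]+\))?:$/, "", name)   # drop "(code)" and trailing colon
             seen[name]++
         }
         END { for (n in seen) print n, seen[n] }' "$1" | sort
}

# Succeed (exit 0) when the wait file exists and is older than $2 minutes.
wait_file_stale() {
    # $1 = wait file path, $2 = age threshold in minutes
    [ -e "$1" ] && [ -n "$(find "$1" -mmin +"$2" 2>/dev/null)" ]
}

# Combine both checks; prints a report and returns 1 when the lock looks stuck.
check_ossec_lock() {
    dir=${1:-/var/ossec}
    max_min=${2:-10}
    wait_file="$dir/queue/ossec/.wait"
    log="$dir/logs/ossec.log"
    if wait_file_stale "$wait_file" "$max_min"; then
        echo "STALE: $wait_file is older than $max_min minutes"
        [ -r "$log" ] && locked_daemons "$log" | sed 's/^/  blocked: /'
        return 1
    fi
    echo "OK: no stale wait file under $dir"
    return 0
}

# Usage (as root on the server): check_ossec_lock /var/ossec 10
```

A wait file that has only just been created is not reported, so the check can run from cron without flagging a normal restart.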
