On Mon, Dec 15, 2014 at 9:50 AM, Fred974 <trinitec...@gmail.com> wrote: > Hi Dan, > > The firewall has been disable to debug this issue with > pfctl -d > > root@zion /# ifconfig -a > > > bce0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500 > > options=c01bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,TSO4,VLAN_HWTSO,LINKSTATE> > ether f0:4d:a2:00:55:fe > media: Ethernet autoselect (1000baseT <full-duplex>) > status: active > bce1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500 > > options=c01bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,TSO4,VLAN_HWTSO,LINKSTATE> > ether f0:4d:a2:00:55:fe > media: Ethernet autoselect (1000baseT <full-duplex>) > status: active > bce2: flags=8802<BROADCAST,SIMPLEX,MULTICAST> metric 0 mtu 1500 > > options=c01bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,TSO4,VLAN_HWTSO,LINKSTATE> > ether f0:4d:a2:00:56:02 > media: Ethernet autoselect > bce3: flags=8802<BROADCAST,SIMPLEX,MULTICAST> metric 0 mtu 1500 > > options=c01bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,TSO4,VLAN_HWTSO,LINKSTATE> > ether f0:4d:a2:00:56:04 > media: Ethernet autoselect > pflog0: flags=141<UP,RUNNING,PROMISC> metric 0 mtu 33160 > pfsync0: flags=0<> metric 0 mtu 1500 > syncpeer: 0.0.0.0 maxupd: 128 defer: off > lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384 > options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6> > lagg0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500 > > options=c01bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,TSO4,VLAN_HWTSO,LINKSTATE> > ether f0:4d:a2:00:55:fe > inet 192.168.1.125 netmask 0xffffff00 broadcast 192.168.1.255 > media: Ethernet autoselect > status: active > laggproto lacp lagghash l2,l3,l4 > laggport: bce1 flags=1c<ACTIVE,COLLECTING,DISTRIBUTING> > laggport: bce0 flags=1c<ACTIVE,COLLECTING,DISTRIBUTING> > tun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1500 > options=80000<LINKSTATE> > Opened by PID 1154 > Yes I did import the key correctly and restarted the ossec agent and > server.. > In the DB I can see info from the ossec server but not the agent.. > > Is there any other command I can run to debug the problem? >
No clue really. I can't think of any reason the system wouldn't be trying to communicate with the manager. Kill ossec-agentd and run it with `ossec-agentd -d` maybe? See if that offers more information in the ossec.log. > Thank you > Fred > > > On Tuesday, 2 December 2014 13:47:36 UTC, Fred974 wrote: >> >> Hi Guys, >> >> This is my first post on here... >> >> I have recently installed ossec-hids on FreeBSD and looking at the agent >> log, I get the following errormessage: >> >> 2014/12/01 13:37:41 ossec-syscheckd: socket busy .. >> >> 2014/12/01 13:37:42 ossec-logcollector: socket busy .. >> 2014/12/01 13:37:51 ossec-syscheckd: socket busy .. >> 2014/12/01 13:37:51 ossec-syscheckd(1224): ERROR: Error sending message to >> queue. >> >> .. >> >> Just to clarify, I have the Ossec server installed on my FreeBSD host and >> the agent in a Jail. >> >> I hope some people here can help me solve this problem.. >> >> The Firewall is off at the moment >> >> Thank you >> >> Fred >> > -- > > --- > You received this message because you are subscribed to the Google Groups > "ossec-list" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to ossec-list+unsubscr...@googlegroups.com. > For more options, visit https://groups.google.com/d/optout. -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
