Another agent disconnect issue
Posted: Tue Dec 14, 2021 2:13 pm
I am having some difficulty getting some clients to connect to my Ossec server. Have confirmed that correct IP address is in place on client (and removed from log below). Server is accepting connections from other clients. I have tried to remove the /var/ossec/queue/ossec/.wait file to clear what appears to be errors below for Process being locked. I've tried enabling debugging info (=1) in etc/internal_options.conf .
Was hoping for someone to recognize issue, or suggest further ways to obtain info on issue.
Thanks, Mike
Was hoping for someone to recognize issue, or suggest further ways to obtain info on issue.
Thanks, Mike
Code: Select all
2021/12/14 12:52:16 ossec-logcollector: INFO: Started (pid: 1199315).
2021/12/14 12:52:22 ossec-logcollector: WARN: Process locked. Waiting for permission...
2021/12/14 12:52:31 ossec-agentd(4101): WARN: Waiting for server reply (not started). Tried: 'ossec-serverIP'.
2021/12/14 12:52:33 ossec-agentd: INFO: Trying to connect to server ossec-serverIP, port 1514.
2021/12/14 12:52:33 INFO: Connected to ossec-serverIP at address ossec-serverIP, port 1514
2021/12/14 12:52:33 ossec-agentd [dns]: DEBUG: n == 0
2021/12/14 12:52:33 ossec-agentd: WARN: n == 0
2021/12/14 12:52:33 ossec-agentd: DEBUG: agt->sock: 15
2021/12/14 12:52:54 ossec-agentd(4101): WARN: Waiting for server reply (not started). Tried: 'ossec-serverIP'.
2021/12/14 12:53:14 ossec-agentd: INFO: Trying to connect to server ossec-serverIP, port 1514.
2021/12/14 12:53:14 INFO: Connected to ossec-serverIP at address ossec-serverIP, port 1514
2021/12/14 12:53:14 ossec-agentd [dns]: DEBUG: n == 0
2021/12/14 12:53:14 ossec-agentd: WARN: n == 0
2021/12/14 12:53:14 ossec-agentd: DEBUG: agt->sock: 18
2021/12/14 12:53:16 ossec-syscheckd: INFO: Starting syscheck scan (forwarding database).
2021/12/14 12:53:16 ossec-syscheckd: WARN: Process locked. Waiting for permission...
2021/12/14 12:53:35 ossec-agentd(4101): WARN: Waiting for server reply (not started). Tried: 'ossec-serverIP'.