[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[ossec-list] HP-UX process lock / Incorrectly formated message question
- To: ossec-list@xxxxxxxxx
- Subject: [ossec-list] HP-UX process lock / Incorrectly formated message question
- From: "Nick Baronian" <kvetch@xxxxxxxxx>
- Date: Tue, 3 Apr 2007 15:02:52 -0400
- Content-disposition: inline
- Content-transfer-encoding: 7bit
- Dkim-signature: a=rsa-sha1; c=relaxed/relaxed; d=gmail.com; s=beta; h=domainkey-signature:received:received:message-id:date:from:to:subject:mime-version:content-type:content-transfer-encoding:content-disposition; b=eiyOOWujROKcA6yyS8r/gCCpk9ZCKKrQUi8GwXwtedPPx9uhNOXXaM9kHLRo1lo94CxRzafrgr4OvmdN+3EDwjx2w6s1v3F2kXSI0dC7gzlE57Q4s1tHeHypM+IBGFwPIl3o/cPCI/OI5xuJla6cOoXX6II8dlziTeFsfUCs6zU=
Hello, I have an agent on a HP-UX 11i box that is generating some odd
things in the logs and I was hoping someone might be able to help me
figure out what might be wrong.
After install I first added the agent to the ossec server (linux) and saw
2007/04/03 10:18:38 ossec-logcollector: Started (pid: 29826).
2007/04/03 10:19:11 ossec-remoted(1403): Incorrectly formated message
from '192.168.1.2'.
I assumed this was because the agent hadn't been started.
The agent was started and below is the output of the HP-UX agent's log.
2007/04/03 10:21:57 ossec-execd(1350): Active response disabled. Exiting.
2007/04/03 10:21:57 ossec-agentd: Started (pid: 25721).
2007/04/03 10:21:57 ossec-agentd: Connecting to server (192.168.1.1:1514).
2007/04/03 10:21:59 ossec-syscheckd: Started (pid: 25729).
2007/04/03 10:22:03 ossec-agentd(1210): Queue '/queue/alerts/execq'
not accessible.
2007/04/03 10:22:03 ossec-logcollector(1950): Analyzing file: '/var/adm/syslog'.
2007/04/03 10:22:03 ossec-logcollector: Started (pid: 25725).
2007/04/03 10:22:18 ossec-agentd(1301): Unable to connect to active
response queue.
2007/04/03 10:24:13 ossec-logcollector: Process locked. Waiting for
permission...
2007/04/03 10:26:55 ossec-syscheckd: Process locked. Waiting for permission...
I didn't know what the process locked messages were all about so I had
the agent restarted (thinking that if the admin had not properly
started or restart the agent earlier and a process was still out
there)
2007/04/03 13:55:20 ossec-logcollector(1225): SIGNAL Received. Exit Cleaning...
2007/04/03 13:55:20 ossec-syscheckd(1225): SIGNAL Received. Exit Cleaning...
2007/04/03 13:55:20 ossec-agentd(1225): SIGNAL Received. Exit Cleaning...
2007/04/03 13:55:55 ossec-execd(1350): Active response disabled. Exiting.
2007/04/03 13:55:55 ossec-agentd: No previous counter available for 'sysX'.
2007/04/03 13:55:55 ossec-agentd: Assigning counter for agent sysX: '0:0'.
2007/04/03 13:55:55 ossec-agentd: Assigning sender counter: 0:1
2007/04/03 13:55:55 ossec-agentd: Started (pid: 27630).
2007/04/03 13:55:55 ossec-agentd: Connecting to server (192.168.1.1:1514).
2007/04/03 13:55:57 ossec-syscheckd: Started (pid: 27638).
2007/04/03 13:56:01 ossec-agentd(1210): Queue '/queue/alerts/execq'
not accessible.
2007/04/03 13:56:01 ossec-logcollector(1950): Analyzing file: '/var/adm/syslog'.
2007/04/03 13:56:01 ossec-logcollector: Started (pid: 27634).
2007/04/03 13:56:16 ossec-agentd(1301): Unable to connect to active
response queue
Now we still see the following on the ossec linux server and so far we
haven't seen any alerts from the HP-UX agent.
2007/04/03 13:56:16 ossec-remoted(1403): Incorrectly formated message
from '192.168.1.2'
Anyone have any clues to what might be up with our configuration?
Thanks,
Nick Baronian
OSSEC home |
Main Index |
Thread Index
OSSEC project: www.ossec.net.
Mailling list information: http://www.ossec.net/en/mailing_lists.html.