[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[ossec-list] Strange behaviour with some agents...

To: ossec-list@xxxxxxxxx
Subject: [ossec-list] Strange behaviour with some agents...
From: Daniel Rubio <drubio@xxxxxxxx>
Date: Wed, 24 Oct 2007 12:54:58 +0200
Authentication-results: mx.google.com; spf=pass (google.com: domain of ossec-list+caf_=ossec-list=googlegroups.com@xxxxxxxxx designates 66.249.92.169 as permitted sender) smtp.mail=ossec-list+caf_=ossec-list=googlegroups.com@xxxxxxxxx
Authentication-results: mx.google.com; spf=pass (google.com: domain of drubio@xxxxxxxx designates 195.77.216.130 as permitted sender) smtp.mail=drubio@xxxxxxxx
Content-transfer-encoding: quoted-printable

In the last days I've been having problems contacting with some ossec 
agents, I changed some directory permissions, but after, I recovered 
from backup, reinstalled, upgraded, re-created the agents... but some 
agents doesn't still contact with the server.

it's a bit confusing, in the web interface, these clients doesn't appear 
(previously I think they appeared as inactive), I look to the firewall 
but doesn't seem to have comunication problems, I don't know what to do...

In the ossec log for one of these clients, appears (nightly 1.4 release):

2007/10/24 11:19:21 ossec-agentd: Duplicate error:  global: 25, local: 
8838, saved global: 26, saved local:7118
2007/10/24 11:19:21 ossec-agentd(1407): Duplicated counter for 'DB'.
2007/10/24 11:19:21 ossec-agentd(1214): Problem receiving message from 
192.168.200.245.
2007/10/24 11:19:30 ossec-agentd: Duplicate error:  global: 25, local: 
8839, saved global: 26, saved local:7118
2007/10/24 11:19:30 ossec-agentd(1407): Duplicated counter for 'DB'.
2007/10/24 11:19:30 ossec-agentd(1214): Problem receiving message from 
192.168.200.245.
2007/10/24 11:19:35 ossec-agentd(4101): Waiting for server reply (not 
started).

In other (1.1):

2007/10/24 12:36:39 ossec-syscheckd(1702): No directory provided for 
'directories' element.
2007/10/24 12:36:39 ossec-execd(1350): Active response disabled. Exiting.
2007/10/24 12:36:39 ossec-syscheckd(1702): No directory provided for 
'directories' element.
2007/10/24 12:36:39 ossec-syscheckd: Syscheck disabled. Exiting.
2007/10/24 12:36:45 ossec-logcollector(1950): Analyzing file: 
'/var/log/authlog'.
2007/10/24 12:36:45 ossec-logcollector(1950): Analyzing file: 
'/var/log/syslog'.
2007/10/24 12:36:45 ossec-logcollector(1950): Analyzing file: 
'/var/adm/messages'.
2007/10/24 12:36:45 ossec-logcollector: Started (pid: 4314).
2007/10/24 12:36:49 ossec-logcollector: Process locked. Waiting for 
permission...

Actually, the server is a nightly 1.4 release





-- 
********************************************************
Daniel Rubio Rodríguez
OASI (Organisme Autònom Per la Societat de la Informació)
c/ Assalt, 12
43003 - Tarragona
Tef.: 977.244.007 - Fax: 977.224.517
e-mail: drubio a oasi.org
********************************************************

Follow-Ups:
- [ossec-list] Re: Strange behaviour with some agents...
  - From: David Williams
- [ossec-list] Re: Strange behaviour with some agents...
  - From: Michael Starks

Prev by Date: [ossec-list] Re: AIX 5.3 sshd logins and sudo
Next by Date: [ossec-list] Re: Strange behaviour with some agents...
Previous by thread: [ossec-list] Re: OSSEC 1.3 and Windows 2003 64-bit Agent disconnects
Next by thread: [ossec-list] Re: Strange behaviour with some agents...
Index(es):
- Date
- Thread

OSSEC home | Main Index | Thread Index

OSSEC project: www.ossec.net.
Mailling list information: http://www.ossec.net/en/mailing_lists.html.