'[ossec-list] Ossec Socket error'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       ossec-list
Subject:    [ossec-list] Ossec Socket error
From:       "Hout, Jos van" <jos.van-hout () corusgroup ! com>
Date:       2006-11-28 10:47:46
Message-ID: 1164710866.252737.124980 () j72g2000cwa ! googlegroups ! com
[Download RAW message or body]


I've just started using Ossec and try to get it up and running on AIX.
Does anybody have an idea of what the cause could be of the following
error ?

2006/11/28 11:05:12 ossec-execd: Started (pid: 655598).
2006/11/28 11:05:14 ossec-syscheckd: Started (pid: 516184).
2006/11/28 11:05:18 ossec-logcollector(1950): Analyzing file:
'/var/log/messages'.
2006/11/28 11:05:18 ossec-logcollector(1950): Analyzing file:
'/var/log/syslog'.
2006/11/28 11:05:18 ossec-logcollector: Started (pid: 565356).
2006/11/28 11:10:32 ossec-syscheckd: socket busy
2006/11/28 11:10:42 ossec-syscheckd: socket busy
2006/11/28 11:10:42 ossec-syscheckd(1224): Error sending message to
queue.
2006/11/28 11:10:51 ossec-syscheckd: socket busy
2006/11/28 11:11:01 ossec-syscheckd: socket busy
2006/11/28 11:11:01 ossec-syscheckd: socketerr.
2006/11/28 11:11:01 ossec-syscheckd(1224): Error sending message to
queue.

Maybe it has to do with the state of the port which is;
# netstat -aon | grep -p 1514
udp4       0      0  *.1514                 *.*
         so_state: (PRIV)
         timeo:0 uid:0
         so_special: (LOCKBALE|DISABLE)
         so_special2: (PROC)
         sndbuf:
                 hiwat:9216 lowat:4096 mbcnt:0 mbmax:36864
         rcvbuf:
                 hiwat:42080 lowat:1 mbcnt:0 mbmax:168320
                 sb_flags: (WAIT|NOTIFY)

Does anybody has a clue ?

All comments are welcome.

Regards
Jos van Hout


[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic