I've just started using Ossec and am trying to get it up and running on AIX.
Does anybody have an idea of what the cause could be of the following
error?
2006/11/28 11:05:12 ossec-execd: Started (pid: 655598).
2006/11/28 11:05:14 ossec-syscheckd: Started (pid: 516184).
2006/11/28 11:05:18 ossec-logcollector(1950): Analyzing file: '/var/log/messages'.
2006/11/28 11:05:18 ossec-logcollector(1950): Analyzing file: '/var/log/syslog'.
2006/11/28 11:05:18 ossec-logcollector: Started (pid: 565356).
2006/11/28 11:10:32 ossec-syscheckd: socket busy
2006/11/28 11:10:42 ossec-syscheckd: socket busy
2006/11/28 11:10:42 ossec-syscheckd(1224): Error sending message to queue.
2006/11/28 11:10:51 ossec-syscheckd: socket busy
2006/11/28 11:11:01 ossec-syscheckd: socket busy
2006/11/28 11:11:01 ossec-syscheckd: socketerr.
2006/11/28 11:11:01 ossec-syscheckd(1224): Error sending message to queue.
Maybe it has to do with the state of the port, which is:
# netstat -aon | grep -p 1514
udp4 0 0 *.1514 *.*
so_state: (PRIV)
timeo:0 uid:0
so_special: (LOCKBALE|DISABLE)
so_special2: (PROC)
sndbuf:
hiwat:9216 lowat:4096 mbcnt:0 mbmax:36864
rcvbuf:
hiwat:42080 lowat:1 mbcnt:0 mbmax:168320
sb_flags: (WAIT|NOTIFY)
Does anybody have a clue?
All comments are welcome.
Regards
Jos van Hout