I have been unable to configure agents to connect to the server. The log for the agent is as follows:
2010/12/03 14:34:42 ossec-logcollector(1225): INFO: SIGNAL Received. Exit Cleaning...
2010/12/03 14:34:42 ossec-syscheckd(1225): INFO: SIGNAL Received. Exit Cleaning...
2010/12/03 14:34:42 ossec-agentd(1225): INFO: SIGNAL Received. Exit Cleaning...
2010/12/03 14:34:47 ossec-execd(1350): INFO: Active response disabled. Exiting.
2010/12/03 14:34:47 ossec-agentd(1410): INFO: Reading authentication keys file.
2010/12/03 14:34:47 ossec-agentd: INFO: Assigning sender counter: 0:2
2010/12/03 14:34:47 ossec-agentd: INFO: Started (pid: 28959).
2010/12/03 14:34:47 ossec-agentd: INFO: Server IP Address: 172.19.1.151
2010/12/03 14:34:47 ossec-agentd: INFO: Trying to connect to server (172.19.1.151:1514).
2010/12/03 14:34:51 ossec-syscheckd: INFO: Started (pid: 28967).
2010/12/03 14:34:51 ossec-rootcheck: INFO: Started (pid: 28967).
2010/12/03 14:34:51 ossec-syscheckd: INFO: Monitoring directory: '/etc'.
2010/12/03 14:34:51 ossec-syscheckd: INFO: Monitoring directory: '/usr/bin'.
2010/12/03 14:34:51 ossec-syscheckd: INFO: Monitoring directory: '/usr/sbin'.
2010/12/03 14:34:51 ossec-syscheckd: INFO: Monitoring directory: '/bin'.
2010/12/03 14:34:51 ossec-syscheckd: INFO: Monitoring directory: '/sbin'.
2010/12/03 14:34:53 ossec-agentd(1210): ERROR: Queue '/queue/alerts/execq' not accessible: 'Queue not found'.
2010/12/03 14:34:53 ossec-logcollector(1950): INFO: Analyzing file: '/var/adm/syslog'.
2010/12/03 14:34:53 ossec-logcollector(1950): INFO: Analyzing file: '/var/adm/syslog/syslog.log'.
2010/12/03 14:34:53 ossec-logcollector: INFO: Started (pid: 28963).
2010/12/03 14:35:08 ossec-agentd: INFO: Unable to connect to the active response queue (disabled).
2010/12/03 14:35:53 ossec-syscheckd: INFO: Starting syscheck scan (forwarding database).
2010/12/03 14:35:53 ossec-syscheckd: WARN: Process locked. Waiting for permission...
2010/12/03 14:36:29 ossec-logcollector: WARN: Process locked. Waiting for permission...
2010/12/03 14:43:38 ossec-logcollector(1225): INFO: SIGNAL Received. Exit Cleaning...
2010/12/03 14:43:38 ossec-syscheckd(1225): INFO: SIGNAL Received. Exit Cleaning...
2010/12/03 14:43:38 ossec-agentd(1225): INFO: SIGNAL Received. Exit Cleaning...
2010/12/03 14:43:45 ossec-execd(1350): INFO: Active response disabled. Exiting.
2010/12/03 14:43:45 ossec-agentd(1410): INFO: Reading authentication keys file.
2010/12/03 14:43:45 ossec-agentd: INFO: No previous counter available for 'tumainb'.
2010/12/03 14:43:45 ossec-agentd: INFO: Assigning counter for agent tumainb: '0:0'.
2010/12/03 14:43:45 ossec-agentd: INFO: Assigning sender counter: 0:3
2010/12/03 14:43:45 ossec-agentd: INFO: Started (pid: 29856).
2010/12/03 14:43:45 ossec-agentd: INFO: Server IP Address: 172.19.1.151
2010/12/03 14:43:45 ossec-agentd: INFO: Trying to connect to server (172.19.1.151:1514).
2010/12/03 14:43:49 ossec-syscheckd: INFO: Started (pid: 29864).
2010/12/03 14:43:49 ossec-rootcheck: INFO: Started (pid: 29864).
2010/12/03 14:43:49 ossec-syscheckd: INFO: Monitoring directory: '/etc'.
2010/12/03 14:43:49 ossec-syscheckd: INFO: Monitoring directory: '/usr/bin'.
2010/12/03 14:43:49 ossec-syscheckd: INFO: Monitoring directory: '/usr/sbin'.
2010/12/03 14:43:49 ossec-syscheckd: INFO: Monitoring directory: '/bin'.
2010/12/03 14:43:49 ossec-syscheckd: INFO: Monitoring directory: '/sbin'.
2010/12/03 14:43:51 ossec-logcollector(1950): INFO: Analyzing file: '/var/adm/syslog'.
2010/12/03 14:43:51 ossec-logcollector(1950): INFO: Analyzing file: '/var/adm/syslog/syslog.log'.
2010/12/03 14:43:51 ossec-logcollector: INFO: Started (pid: 29860).
2010/12/03 14:43:51 ossec-agentd(1210): ERROR: Queue '/queue/alerts/execq' not accessible: 'Queue not found'.
2010/12/03 14:44:06 ossec-agentd: INFO: Unable to connect to the active response queue (disabled).
2010/12/03 14:44:51 ossec-syscheckd: INFO: Starting syscheck scan (forwarding database).
2010/12/03 14:44:51 ossec-syscheckd: WARN: Process locked. Waiting for permission...
2010/12/03 14:46:02 ossec-logcollector: WARN: Process locked. Waiting for permission...
2010/12/03 14:49:02 ossec-logcollector(1225): INFO: SIGNAL Received. Exit Cleaning...
2010/12/03 14:49:02 ossec-syscheckd(1225): INFO: SIGNAL Received. Exit Cleaning...
2010/12/03 14:49:02 ossec-agentd(1225): INFO: SIGNAL Received. Exit Cleaning...
2010/12/03 14:49:07 ossec-execd(1350): INFO: Active response disabled. Exiting.
2010/12/03 14:49:07 ossec-agentd(1410): INFO: Reading authentication keys file.
2010/12/03 14:49:07 ossec-agentd: INFO: No previous counter available for 'tumainb'.
2010/12/03 14:49:07 ossec-agentd: INFO: Assigning counter for agent tumainb: '0:0'.
2010/12/03 14:49:07 ossec-agentd: INFO: Assigning sender counter: 0:4
2010/12/03 14:49:07 ossec-agentd: INFO: Started (pid: 451).
2010/12/03 14:49:07 ossec-agentd: INFO: Server IP Address: 172.19.1.151
2010/12/03 14:49:07 ossec-agentd: INFO: Trying to connect to server (172.19.1.151:1514).
2010/12/03 14:49:11 ossec-syscheckd: INFO: Started (pid: 459).
2010/12/03 14:49:11 ossec-rootcheck: INFO: Started (pid: 459).
2010/12/03 14:49:11 ossec-syscheckd: INFO: Monitoring directory: '/etc'.
2010/12/03 14:49:11 ossec-syscheckd: INFO: Monitoring directory: '/usr/bin'.
2010/12/03 14:49:11 ossec-syscheckd: INFO: Monitoring directory: '/usr/sbin'.
2010/12/03 14:49:11 ossec-syscheckd: INFO: Monitoring directory: '/bin'.
2010/12/03 14:49:11 ossec-syscheckd: INFO: Monitoring directory: '/sbin'.
2010/12/03 14:49:13 ossec-logcollector(1950): INFO: Analyzing file: '/var/adm/syslog'.
2010/12/03 14:49:13 ossec-logcollector(1950): INFO: Analyzing file: '/var/adm/syslog/syslog.log'.
2010/12/03 14:49:13 ossec-logcollector: INFO: Started (pid: 455).
2010/12/03 14:49:13 ossec-agentd(1210): ERROR: Queue '/queue/alerts/execq' not accessible: 'Queue not found'.
2010/12/03 14:49:28 ossec-agentd: INFO: Unable to connect to the active response queue (disabled).
2010/12/03 14:49:29 ossec-logcollector(1225): INFO: SIGNAL Received. Exit Cleaning...
2010/12/03 14:49:29 ossec-syscheckd(1225): INFO: SIGNAL Received. Exit Cleaning...
2010/12/03 14:49:29 ossec-agentd(1225): INFO: SIGNAL Received. Exit Cleaning...
2010/12/03 14:49:36 ossec-execd(1350): INFO: Active response disabled. Exiting.
2010/12/03 14:49:36 ossec-agentd(1410): INFO: Reading authentication keys file.
2010/12/03 14:49:36 ossec-agentd: INFO: No previous counter available for 'tumainb'.
2010/12/03 14:49:36 ossec-agentd: INFO: Assigning counter for agent tumainb: '0:0'.
2010/12/03 14:49:36 ossec-agentd: INFO: Assigning sender counter: 0:5
2010/12/03 14:49:36 ossec-agentd: INFO: Started (pid: 516).
2010/12/03 14:49:36 ossec-agentd: INFO: Server IP Address: 172.19.1.151
2010/12/03 14:49:36 ossec-agentd: INFO: Trying to connect to server (172.19.1.151:1514).
2010/12/03 14:49:40 ossec-syscheckd: INFO: Started (pid: 524).
2010/12/03 14:49:40 ossec-rootcheck: INFO: Started (pid: 524).
2010/12/03 14:49:40 ossec-syscheckd: INFO: Monitoring directory: '/etc'.
2010/12/03 14:49:40 ossec-syscheckd: INFO: Monitoring directory: '/usr/bin'.
2010/12/03 14:49:40 ossec-syscheckd: INFO: Monitoring directory: '/usr/sbin'.
2010/12/03 14:49:40 ossec-syscheckd: INFO: Monitoring directory: '/bin'.
2010/12/03 14:49:40 ossec-syscheckd: INFO: Monitoring directory: '/sbin'.
2010/12/03 14:49:42 ossec-logcollector(1950): INFO: Analyzing file: '/var/adm/syslog'.
2010/12/03 14:49:42 ossec-logcollector(1950): INFO: Analyzing file: '/var/adm/syslog/syslog.log'.
2010/12/03 14:49:42 ossec-logcollector: INFO: Started (pid: 520).
2010/12/03 14:49:42 ossec-agentd(1210): ERROR: Queue '/queue/alerts/execq' not accessible: 'Queue not found'.
2010/12/03 14:49:54 ossec-logcollector: WARN: Process locked. Waiting for permission...
2010/12/03 14:49:57 ossec-agentd: INFO: Unable to connect to the active response queue (disabled).
2010/12/03 14:50:42 ossec-syscheckd: INFO: Starting syscheck scan (forwarding database).
2010/12/03 14:50:42 ossec-syscheckd: WARN: Process locked. Waiting for permission...
2010/12/03 14:52:29 ossec-logcollector(1225): INFO: SIGNAL Received. Exit Cleaning...
2010/12/03 14:52:29 ossec-syscheckd(1225): INFO: SIGNAL Received. Exit Cleaning...
2010/12/03 14:52:29 ossec-agentd(1225): INFO: SIGNAL Received. Exit Cleaning...
2010/12/03 14:52:34 ossec-execd(1350): INFO: Active response disabled. Exiting.
2010/12/03 14:52:34 ossec-agentd(1410): INFO: Reading authentication keys file.
2010/12/03 14:52:34 ossec-agentd: INFO: No previous counter available for 'tumainb'.
2010/12/03 14:52:34 ossec-agentd: INFO: Assigning counter for agent tumainb: '0:0'.
2010/12/03 14:52:34 ossec-agentd: INFO: Assigning sender counter: 0:6
2010/12/03 14:52:34 ossec-agentd: INFO: Started (pid: 977).
2010/12/03 14:52:34 ossec-agentd: INFO: Server IP Address: 172.19.1.151
2010/12/03 14:52:34 ossec-agentd: INFO: Trying to connect to server (172.19.1.151:1514).
2010/12/03 14:52:38 ossec-syscheckd: INFO: Started (pid: 985).
2010/12/03 14:52:38 ossec-rootcheck: INFO: Started (pid: 985).
2010/12/03 14:52:38 ossec-syscheckd: INFO: Monitoring directory: '/etc'.
2010/12/03 14:52:38 ossec-syscheckd: INFO: Monitoring directory: '/usr/bin'.
2010/12/03 14:52:38 ossec-syscheckd: INFO: Monitoring directory: '/usr/sbin'.
2010/12/03 14:52:38 ossec-syscheckd: INFO: Monitoring directory: '/bin'.
2010/12/03 14:52:38 ossec-syscheckd: INFO: Monitoring directory: '/sbin'.
2010/12/03 14:52:40 ossec-agentd(1210): ERROR: Queue '/queue/alerts/execq' not accessible: 'Queue not found'.
2010/12/03 14:52:40 ossec-logcollector(1950): INFO: Analyzing file: '/var/adm/syslog'.
2010/12/03 14:52:40 ossec-logcollector(1950): INFO: Analyzing file: '/var/adm/syslog/syslog.log'.
2010/12/03 14:52:40 ossec-logcollector: INFO: Started (pid: 981).
2010/12/03 14:52:54 ossec-logcollector: WARN: Process locked. Waiting for permission...
2010/12/03 14:52:55 ossec-agentd: INFO: Unable to connect to the active response queue (disabled).
2010/12/03 14:53:35 ossec-logcollector(1225): INFO: SIGNAL Received. Exit Cleaning...
2010/12/03 14:53:35 ossec-syscheckd(1225): INFO: SIGNAL Received. Exit Cleaning...
2010/12/03 14:53:35 ossec-agentd(1225): INFO: SIGNAL Received. Exit Cleaning...
2010/12/03 14:53:41 ossec-execd(1350): INFO: Active response disabled. Exiting.
2010/12/03 14:53:41 ossec-agentd(1410): INFO: Reading authentication keys file.
2010/12/03 14:53:41 ossec-agentd: INFO: No previous counter available for 'tumainb'.
2010/12/03 14:53:41 ossec-agentd: INFO: Assigning counter for agent tumainb: '0:0'.
2010/12/03 14:53:41 ossec-agentd: INFO: Assigning sender counter: 0:7
2010/12/03 14:53:41 ossec-agentd: INFO: Started (pid: 1067).
2010/12/03 14:53:41 ossec-agentd: INFO: Server IP Address: 172.19.1.151
2010/12/03 14:53:41 ossec-agentd: INFO: Trying to connect to server (172.19.1.151:1514).
2010/12/03 14:53:45 ossec-syscheckd: INFO: Started (pid: 1075).
2010/12/03 14:53:45 ossec-rootcheck: INFO: Started (pid: 1075).
2010/12/03 14:53:45 ossec-syscheckd: INFO: Monitoring directory: '/etc'.
2010/12/03 14:53:45 ossec-syscheckd: INFO: Monitoring directory: '/usr/bin'.
2010/12/03 14:53:45 ossec-syscheckd: INFO: Monitoring directory: '/usr/sbin'.
2010/12/03 14:53:45 ossec-syscheckd: INFO: Monitoring directory: '/bin'.
2010/12/03 14:53:45 ossec-syscheckd: INFO: Monitoring directory: '/sbin'.
2010/12/03 14:53:47 ossec-logcollector(1950): INFO: Analyzing file: '/var/adm/syslog'.
2010/12/03 14:53:47 ossec-logcollector(1950): INFO: Analyzing file: '/var/adm/syslog/syslog.log'.
2010/12/03 14:53:47 ossec-logcollector: INFO: Started (pid: 1071).
2010/12/03 14:53:47 ossec-agentd(1210): ERROR: Queue '/queue/alerts/execq' not accessible: 'Queue not found'.
2010/12/03 14:54:02 ossec-agentd: INFO: Unable to connect to the active response queue (disabled).
2010/12/03 14:54:47 ossec-syscheckd: INFO: Starting syscheck scan (forwarding database).
2010/12/03 14:54:47 ossec-syscheckd: WARN: Process locked. Waiting for permission...
2010/12/03 14:55:53 ossec-logcollector: WARN: Process locked. Waiting for permission...
2010/12/03 16:09:06 ossec-logcollector(1225): INFO: SIGNAL Received. Exit Cleaning...
2010/12/03 16:09:06 ossec-syscheckd(1225): INFO: SIGNAL Received. Exit Cleaning...
2010/12/03 16:09:06 ossec-agentd(1225): INFO: SIGNAL Received. Exit Cleaning...
2010/12/03 16:09:11 ossec-execd(1350): INFO: Active response disabled. Exiting.
2010/12/03 16:09:11 ossec-agentd(1410): INFO: Reading authentication keys file.
2010/12/03 16:09:11 ossec-agentd: INFO: No previous counter available for 'tumainb'.
2010/12/03 16:09:11 ossec-agentd: INFO: Assigning counter for agent tumainb: '0:0'.
2010/12/03 16:09:11 ossec-agentd: INFO: Assigning sender counter: 0:8
2010/12/03 16:09:11 ossec-agentd: INFO: Started (pid: 7627).
2010/12/03 16:09:11 ossec-agentd: INFO: Server IP Address: 172.19.1.151
2010/12/03 16:09:11 ossec-agentd: INFO: Trying to connect to server (172.19.1.151:1514).
2010/12/03 16:09:15 ossec-syscheckd: INFO: Started (pid: 7635).
2010/12/03 16:09:15 ossec-rootcheck: INFO: Started (pid: 7635).
2010/12/03 16:09:15 ossec-syscheckd: INFO: Monitoring directory: '/etc'.
2010/12/03 16:09:15 ossec-syscheckd: INFO: Monitoring directory: '/usr/bin'.
2010/12/03 16:09:15 ossec-syscheckd: INFO: Monitoring directory: '/usr/sbin'.
2010/12/03 16:09:15 ossec-syscheckd: INFO: Monitoring directory: '/bin'.
2010/12/03 16:09:15 ossec-syscheckd: INFO: Monitoring directory: '/sbin'.
2010/12/03 16:09:17 ossec-logcollector(1950): INFO: Analyzing file: '/var/adm/syslog'.
2010/12/03 16:09:17 ossec-logcollector(1950): INFO: Analyzing file: '/var/adm/syslog/syslog.log'.
2010/12/03 16:09:17 ossec-logcollector: INFO: Started (pid: 7631).
2010/12/03 16:09:17 ossec-agentd(1210): ERROR: Queue '/queue/alerts/execq' not accessible: 'Queue not found'.
2010/12/03 16:09:32 ossec-agentd: INFO: Unable to connect to the active response queue (disabled).
2010/12/03 16:10:17 ossec-syscheckd: INFO: Starting syscheck scan (forwarding database).
2010/12/03 16:10:17 ossec-syscheckd: WARN: Process locked. Waiting for permission...
2010/12/03 16:11:28 ossec-logcollector: WARN: Process locked. Waiting for permission...

And the log for the server is:

2010/12/03 14:42:09 ossec-testrule: INFO: Reading local decoder file.
2010/12/03 14:42:09 ossec-maild: INFO: Started (pid: 25090).
2010/12/03 14:42:09 ossec-execd(1350): INFO: Active response disabled. Exiting.
2010/12/03 14:42:09 ossec-analysisd: INFO: Reading local decoder file.
2010/12/03 14:42:09 ossec-analysisd: INFO: Reading rules file: 'rules_config.xml'
2010/12/03 14:42:09 ossec-analysisd: INFO: Reading rules file: 'pam_rules.xml'
2010/12/03 14:42:09 ossec-analysisd: INFO: Reading rules file: 'sshd_rules.xml'
2010/12/03 14:42:09 ossec-analysisd: INFO: Reading rules file: 'telnetd_rules.xml'
2010/12/03 14:42:09 ossec-analysisd: INFO: Reading rules file: 'syslog_rules.xml'
2010/12/03 14:42:09 ossec-analysisd: INFO: Reading rules file: 'arpwatch_rules.xml'
2010/12/03 14:42:09 ossec-analysisd: INFO: Reading rules file: 'symantec-av_rules.xml'
2010/12/03 14:42:09 ossec-analysisd: INFO: Reading rules file: 'symantec-ws_rules.xml'
2010/12/03 14:42:09 ossec-analysisd: INFO: Reading rules file: 'pix_rules.xml'
2010/12/03 14:42:09 ossec-analysisd: INFO: Reading rules file: 'named_rules.xml'
2010/12/03 14:42:09 ossec-analysisd: INFO: Reading rules file: 'smbd_rules.xml'
2010/12/03 14:42:09 ossec-analysisd: INFO: Reading rules file: 'vsftpd_rules.xml'
2010/12/03 14:42:09 ossec-analysisd: INFO: Reading rules file: 'pure-ftpd_rules.xml'
2010/12/03 14:42:09 ossec-analysisd: INFO: Reading rules file: 'proftpd_rules.xml'
2010/12/03 14:42:09 ossec-analysisd: INFO: Reading rules file: 'ms_ftpd_rules.xml'
2010/12/03 14:42:09 ossec-analysisd: INFO: Reading rules file: 'ftpd_rules.xml'
2010/12/03 14:42:09 ossec-analysisd: INFO: Reading rules file: 'hordeimp_rules.xml'
2010/12/03 14:42:09 ossec-analysisd: INFO: Reading rules file: 'roundcube_rules.xml'
2010/12/03 14:42:09 ossec-analysisd: INFO: Reading rules file: 'wordpress_rules.xml'
2010/12/03 14:42:09 ossec-analysisd: INFO: Reading rules file: 'cimserver_rules.xml'
2010/12/03 14:42:09 ossec-analysisd: INFO: Reading rules file: 'vpopmail_rules.xml'
2010/12/03 14:42:09 ossec-analysisd: INFO: Reading rules file: 'vmpop3d_rules.xml'
2010/12/03 14:42:09 ossec-analysisd: INFO: Reading rules file: 'courier_rules.xml'
2010/12/03 14:42:09 ossec-analysisd: INFO: Reading rules file: 'web_rules.xml'
2010/12/03 14:42:09 ossec-analysisd: INFO: Reading rules file: 'apache_rules.xml'
2010/12/03 14:42:09 ossec-analysisd: INFO: Reading rules file: 'nginx_rules.xml'
2010/12/03 14:42:09 ossec-analysisd: INFO: Reading rules file: 'php_rules.xml'
2010/12/03 14:42:09 ossec-analysisd: INFO: Reading rules file: 'mysql_rules.xml'
2010/12/03 14:42:09 ossec-analysisd: INFO: Reading rules file: 'postgresql_rules.xml'
2010/12/03 14:42:09 ossec-analysisd: INFO: Reading rules file: 'ids_rules.xml'
2010/12/03 14:42:09 ossec-analysisd: INFO: Reading rules file: 'squid_rules.xml'
2010/12/03 14:42:09 ossec-remoted: INFO: Started (pid: 25106).
2010/12/03 14:42:09 ossec-remoted(1501): ERROR: No IP or network allowed in the access list for syslog. No reason for running it. Exiting.
2010/12/03 14:42:09 ossec-analysisd: INFO: Reading rules file: 'firewall_rules.xml'
2010/12/03 14:42:09 ossec-analysisd: INFO: Reading rules file: 'cisco-ios_rules.xml'
2010/12/03 14:42:09 ossec-analysisd: INFO: Reading rules file: 'netscreenfw_rules.xml'
2010/12/03 14:42:09 ossec-analysisd: INFO: Reading rules file: 'sonicwall_rules.xml'
2010/12/03 14:42:09 ossec-analysisd: INFO: Reading rules file: 'postfix_rules.xml'
2010/12/03 14:42:09 ossec-analysisd: INFO: Reading rules file: 'sendmail_rules.xml'
2010/12/03 14:42:09 ossec-analysisd: INFO: Reading rules file: 'imapd_rules.xml'
2010/12/03 14:42:09 ossec-analysisd: INFO: Reading rules file: 'mailscanner_rules.xml'
2010/12/03 14:42:09 ossec-analysisd: INFO: Reading rules file: 'dovecot_rules.xml'
2010/12/03 14:42:09 ossec-analysisd: INFO: Reading rules file: 'ms-exchange_rules.xml'
2010/12/03 14:42:09 ossec-analysisd: INFO: Reading rules file: 'racoon_rules.xml'
2010/12/03 14:42:09 ossec-analysisd: INFO: Reading rules file: 'vpn_concentrator_rules.xml'
2010/12/03 14:42:09 ossec-analysisd: INFO: Reading rules file: 'spamd_rules.xml'
2010/12/03 14:42:09 ossec-analysisd: INFO: Reading rules file: 'msauth_rules.xml'
2010/12/03 14:42:09 ossec-remoted: INFO: Started (pid: 25108).
2010/12/03 14:42:09 ossec-analysisd: INFO: Reading rules file: 'mcafee_av_rules.xml'
2010/12/03 14:42:09 ossec-analysisd: INFO: Reading rules file: 'trend-osce_rules.xml'
2010/12/03 14:42:09 ossec-analysisd: INFO: Reading rules file: 'ms-se_rules.xml'
2010/12/03 14:42:09 ossec-analysisd: INFO: Reading rules file: 'zeus_rules.xml'
2010/12/03 14:42:09 ossec-analysisd: INFO: Reading rules file: 'solaris_bsm_rules.xml'
2010/12/03 14:42:09 ossec-analysisd: INFO: Reading rules file: 'vmware_rules.xml'
2010/12/03 14:42:09 ossec-analysisd: INFO: Reading rules file: 'ms_dhcp_rules.xml'
2010/12/03 14:42:09 ossec-analysisd: INFO: Reading rules file: 'asterisk_rules.xml'
2010/12/03 14:42:09 ossec-analysisd: INFO: Reading rules file: 'ossec_rules.xml'
2010/12/03 14:42:09 ossec-analysisd: INFO: Reading rules file: 'attack_rules.xml'
2010/12/03 14:42:09 ossec-analysisd: INFO: Reading rules file: 'local_rules.xml'
2010/12/03 14:42:09 ossec-analysisd: INFO: Total rules enabled: '1115'
2010/12/03 14:42:09 ossec-analysisd: INFO: Ignoring file: '/etc/mtab'
2010/12/03 14:42:09 ossec-analysisd: INFO: Ignoring file: '/etc/mnttab'
2010/12/03 14:42:09 ossec-analysisd: INFO: Ignoring file: '/etc/hosts.deny'
2010/12/03 14:42:09 ossec-analysisd: INFO: Ignoring file: '/etc/mail/statistics'
2010/12/03 14:42:09 ossec-analysisd: INFO: Ignoring file: '/etc/random-seed'
2010/12/03 14:42:09 ossec-analysisd: INFO: Ignoring file: '/etc/adjtime'
2010/12/03 14:42:09 ossec-analysisd: INFO: Ignoring file: '/etc/httpd/logs'
2010/12/03 14:42:09 ossec-analysisd: INFO: Ignoring file: '/etc/utmpx'
2010/12/03 14:42:09 ossec-analysisd: INFO: Ignoring file: '/etc/wtmpx'
2010/12/03 14:42:09 ossec-analysisd: INFO: Ignoring file: '/etc/cups/certs'
2010/12/03 14:42:09 ossec-analysisd: INFO: Ignoring file: '/etc/dumpdates'
2010/12/03 14:42:09 ossec-analysisd: INFO: Ignoring file: '/etc/svc/volatile'
2010/12/03 14:42:09 ossec-analysisd: INFO: Ignoring file: 'C:\WINDOWS/System32/LogFiles'
2010/12/03 14:42:09 ossec-analysisd: INFO: Ignoring file: 'C:\WINDOWS/Debug'
2010/12/03 14:42:09 ossec-analysisd: INFO: Ignoring file: 'C:\WINDOWS/WindowsUpdate.log'
2010/12/03 14:42:09 ossec-analysisd: INFO: Ignoring file: 'C:\WINDOWS/iis6.log'
2010/12/03 14:42:09 ossec-analysisd: INFO: Ignoring file: 'C:\WINDOWS/system32/wbem/Logs'
2010/12/03 14:42:09 ossec-analysisd: INFO: Ignoring file: 'C:\WINDOWS/system32/wbem/Repository'
2010/12/03 14:42:09 ossec-analysisd: INFO: Ignoring file: 'C:\WINDOWS/Prefetch'
2010/12/03 14:42:09 ossec-analysisd: INFO: Ignoring file: 'C:\WINDOWS/PCHEALTH/HELPCTR/DataColl'
2010/12/03 14:42:09 ossec-analysisd: INFO: Ignoring file: 'C:\WINDOWS/SoftwareDistribution'
2010/12/03 14:42:09 ossec-analysisd: INFO: Ignoring file: 'C:\WINDOWS/Temp'
2010/12/03 14:42:09 ossec-analysisd: INFO: Ignoring file: 'C:\WINDOWS/system32/config'
2010/12/03 14:42:09 ossec-analysisd: INFO: Ignoring file: 'C:\WINDOWS/system32/spool'
2010/12/03 14:42:09 ossec-analysisd: INFO: Ignoring file: 'C:\WINDOWS/system32/CatRoot'
2010/12/03 14:42:09 ossec-analysisd: INFO: Started (pid: 25098).
2010/12/03 14:42:10 ossec-remoted(4111): INFO: Maximum number of agents allowed: '256'.
2010/12/03 14:42:10 ossec-remoted(1410): INFO: Reading authentication keys file.
2010/12/03 14:42:10 ossec-monitord: INFO: Started (pid: 25119).
2010/12/03 14:42:14 ossec-syscheckd: INFO: Started (pid: 25114).
2010/12/03 14:42:14 ossec-rootcheck: INFO: Started (pid: 25114).
2010/12/03 14:42:14 ossec-syscheckd: INFO: Monitoring directory: '/etc'.
2010/12/03 14:42:14 ossec-syscheckd: INFO: Monitoring directory: '/usr/bin'.
2010/12/03 14:42:14 ossec-syscheckd: INFO: Monitoring directory: '/usr/sbin'.
2010/12/03 14:42:14 ossec-syscheckd: INFO: Monitoring directory: '/bin'.
2010/12/03 14:42:14 ossec-syscheckd: INFO: Monitoring directory: '/sbin'.
2010/12/03 14:42:15 ossec-logcollector(1950): INFO: Analyzing file: '/var/log/messages'.
2010/12/03 14:42:15 ossec-logcollector(1950): INFO: Analyzing file: '/var/log/secure'.
2010/12/03 14:42:15 ossec-logcollector(1950): INFO: Analyzing file: '/var/log/maillog'.
2010/12/03 14:42:15 ossec-logcollector: INFO: Started (pid: 25102).
2010/12/03 14:42:34 ossec-maild(1223): ERROR: Error Sending email to 172.16.128.143 (smtp server)
2010/12/03 14:43:16 ossec-syscheckd: INFO: Starting syscheck scan (forwarding database).
2010/12/03 14:43:16 ossec-syscheckd: INFO: Starting syscheck database (pre-scan).
2010/12/03 14:50:54 ossec-maild(1223): ERROR: Error Sending email to 172.16.128.143 (smtp server)
2010/12/03 14:53:54 ossec-monitord(1225): INFO: SIGNAL Received. Exit Cleaning...
2010/12/03 14:53:54 ossec-logcollector(1225): INFO: SIGNAL Received. Exit Cleaning...
2010/12/03 14:53:54 ossec-remoted(1225): INFO: SIGNAL Received. Exit Cleaning...
2010/12/03 14:53:54 ossec-syscheckd(1225): INFO: SIGNAL Received. Exit Cleaning...
2010/12/03 14:53:55 ossec-analysisd(1225): INFO: SIGNAL Received. Exit Cleaning...
2010/12/03 14:53:55 ossec-maild(1225): INFO: SIGNAL Received. Exit Cleaning...
2010/12/03 14:54:00 ossec-testrule: INFO: Reading local decoder file.
2010/12/03 14:54:01 ossec-maild: INFO: Started (pid: 27800).
2010/12/03 14:54:01 ossec-execd(1350): INFO: Active response disabled. Exiting.
2010/12/03 14:54:01 ossec-analysisd: INFO: Reading local decoder file.
2010/12/03 14:54:01 ossec-analysisd: INFO: Reading rules file: 'rules_config.xml'
2010/12/03 14:54:01 ossec-analysisd: INFO: Reading rules file: 'pam_rules.xml'
2010/12/03 14:54:01 ossec-analysisd: INFO: Reading rules file: 'sshd_rules.xml'
2010/12/03 14:54:01 ossec-analysisd: INFO: Reading rules file: 'telnetd_rules.xml'
2010/12/03 14:54:01 ossec-analysisd: INFO: Reading rules file: 'syslog_rules.xml'
2010/12/03 14:54:01 ossec-analysisd: INFO: Reading rules file: 'arpwatch_rules.xml'
2010/12/03 14:54:01 ossec-analysisd: INFO: Reading rules file: 'symantec-av_rules.xml'
2010/12/03 14:54:01 ossec-analysisd: INFO: Reading rules file: 'symantec-ws_rules.xml'
2010/12/03 14:54:01 ossec-analysisd: INFO: Reading rules file: 'pix_rules.xml'
2010/12/03 14:54:01 ossec-analysisd: INFO: Reading rules file: 'named_rules.xml'
2010/12/03 14:54:01 ossec-analysisd: INFO: Reading rules file: 'smbd_rules.xml'
2010/12/03 14:54:01 ossec-analysisd: INFO: Reading rules file: 'vsftpd_rules.xml'
2010/12/03 14:54:01 ossec-analysisd: INFO: Reading rules file: 'pure-ftpd_rules.xml'
2010/12/03 14:54:01 ossec-analysisd: INFO: Reading rules file: 'proftpd_rules.xml'
2010/12/03 14:54:01 ossec-analysisd: INFO: Reading rules file: 'ms_ftpd_rules.xml'
2010/12/03 14:54:01 ossec-analysisd: INFO: Reading rules file: 'ftpd_rules.xml'
2010/12/03 14:54:01 ossec-analysisd: INFO: Reading rules file: 'hordeimp_rules.xml'
2010/12/03 14:54:01 ossec-analysisd: INFO: Reading rules file: 'roundcube_rules.xml'
2010/12/03 14:54:01 ossec-analysisd: INFO: Reading rules file: 'wordpress_rules.xml'
2010/12/03 14:54:01 ossec-analysisd: INFO: Reading rules file: 'cimserver_rules.xml'
2010/12/03 14:54:01 ossec-analysisd: INFO: Reading rules file: 'vpopmail_rules.xml'
2010/12/03 14:54:01 ossec-analysisd: INFO: Reading rules file: 'vmpop3d_rules.xml'
2010/12/03 14:54:01 ossec-analysisd: INFO: Reading rules file: 'courier_rules.xml'
2010/12/03 14:54:01 ossec-analysisd: INFO: Reading rules file: 'web_rules.xml'
2010/12/03 14:54:01 ossec-analysisd: INFO: Reading rules file: 'apache_rules.xml'
2010/12/03 14:54:01 ossec-analysisd: INFO: Reading rules file: 'nginx_rules.xml'
2010/12/03 14:54:01 ossec-analysisd: INFO: Reading rules file: 'php_rules.xml'
2010/12/03 14:54:01 ossec-analysisd: INFO: Reading rules file: 'mysql_rules.xml'
2010/12/03 14:54:01 ossec-analysisd: INFO: Reading rules file: 'postgresql_rules.xml'
2010/12/03 14:54:01 ossec-analysisd: INFO: Reading rules file: 'ids_rules.xml'
2010/12/03 14:54:01 ossec-analysisd: INFO: Reading rules file: 'squid_rules.xml'
2010/12/03 14:54:01 ossec-analysisd: INFO: Reading rules file: 'firewall_rules.xml'
2010/12/03 14:54:01 ossec-analysisd: INFO: Reading rules file: 'cisco-ios_rules.xml'
2010/12/03 14:54:01 ossec-analysisd: INFO: Reading rules file: 'netscreenfw_rules.xml'
2010/12/03 14:54:01 ossec-analysisd: INFO: Reading rules file: 'sonicwall_rules.xml'
2010/12/03 14:54:01 ossec-analysisd: INFO: Reading rules file: 'postfix_rules.xml'
2010/12/03 14:54:01 ossec-analysisd: INFO: Reading rules file: 'sendmail_rules.xml'
2010/12/03 14:54:01 ossec-analysisd: INFO: Reading rules file: 'imapd_rules.xml'
2010/12/03 14:54:01 ossec-analysisd: INFO: Reading rules file: 'mailscanner_rules.xml'
2010/12/03 14:54:01 ossec-analysisd: INFO: Reading rules file: 'dovecot_rules.xml'
2010/12/03 14:54:01 ossec-analysisd: INFO: Reading rules file: 'ms-exchange_rules.xml'
2010/12/03 14:54:01 ossec-analysisd: INFO: Reading rules file: 'racoon_rules.xml'
2010/12/03 14:54:01 ossec-analysisd: INFO: Reading rules file: 'vpn_concentrator_rules.xml'
2010/12/03 14:54:01 ossec-analysisd: INFO: Reading rules file: 'spamd_rules.xml'
2010/12/03 14:54:01 ossec-analysisd: INFO: Reading rules file: 'msauth_rules.xml'
2010/12/03 14:54:01 ossec-analysisd: INFO: Reading rules file: 'mcafee_av_rules.xml'
2010/12/03 14:54:01 ossec-analysisd: INFO: Reading rules file: 'trend-osce_rules.xml'
2010/12/03 14:54:01 ossec-analysisd: INFO: Reading rules file: 'ms-se_rules.xml'
2010/12/03 14:54:01 ossec-analysisd: INFO: Reading rules file: 'zeus_rules.xml'
2010/12/03 14:54:01 ossec-analysisd: INFO: Reading rules file: 'solaris_bsm_rules.xml'
2010/12/03 14:54:01 ossec-analysisd: INFO: Reading rules file: 'vmware_rules.xml'
2010/12/03 14:54:01 ossec-analysisd: INFO: Reading rules file: 'ms_dhcp_rules.xml'
2010/12/03 14:54:01 ossec-analysisd: INFO: Reading rules file: 'asterisk_rules.xml'
2010/12/03 14:54:01 ossec-analysisd: INFO: Reading rules file: 'ossec_rules.xml'
2010/12/03 14:54:01 ossec-analysisd: INFO: Reading rules file: 'attack_rules.xml'
2010/12/03 14:54:01 ossec-analysisd: INFO: Reading rules file: 'local_rules.xml'
2010/12/03 14:54:01 ossec-remoted: INFO: Started (pid: 27816).
2010/12/03 14:54:01 ossec-analysisd: INFO: Total rules enabled: '1115'
2010/12/03 14:54:01 ossec-remoted(1501): ERROR: No IP or network allowed in the access list for syslog. No reason for running it. Exiting.
2010/12/03 14:54:01 ossec-analysisd: INFO: Ignoring file: '/etc/mtab'
2010/12/03 14:54:01 ossec-analysisd: INFO: Ignoring file: '/etc/mnttab'
2010/12/03 14:54:01 ossec-analysisd: INFO: Ignoring file: '/etc/hosts.deny'
2010/12/03 14:54:01 ossec-analysisd: INFO: Ignoring file: '/etc/mail/statistics'
2010/12/03 14:54:01 ossec-analysisd: INFO: Ignoring file: '/etc/random-seed'
2010/12/03 14:54:01 ossec-analysisd: INFO: Ignoring file: '/etc/adjtime'
2010/12/03 14:54:01 ossec-analysisd: INFO: Ignoring file: '/etc/httpd/logs'
2010/12/03 14:54:01 ossec-analysisd: INFO: Ignoring file: '/etc/utmpx'
2010/12/03 14:54:01 ossec-analysisd: INFO: Ignoring file: '/etc/wtmpx'
2010/12/03 14:54:01 ossec-analysisd: INFO: Ignoring file: '/etc/cups/certs'
2010/12/03 14:54:01 ossec-analysisd: INFO: Ignoring file: '/etc/dumpdates'
2010/12/03 14:54:01 ossec-analysisd: INFO: Ignoring file: '/etc/svc/volatile'
2010/12/03 14:54:01 ossec-analysisd: INFO: Ignoring file: 'C:\WINDOWS/System32/LogFiles'
2010/12/03 14:54:01 ossec-analysisd: INFO: Ignoring file: 'C:\WINDOWS/Debug'
2010/12/03 14:54:01 ossec-analysisd: INFO: Ignoring file: 'C:\WINDOWS/WindowsUpdate.log'
2010/12/03 14:54:01 ossec-analysisd: INFO: Ignoring file: 'C:\WINDOWS/iis6.log'
2010/12/03 14:54:01 ossec-analysisd: INFO: Ignoring file: 'C:\WINDOWS/system32/wbem/Logs'
2010/12/03 14:54:01 ossec-analysisd: INFO: Ignoring file: 'C:\WINDOWS/system32/wbem/Repository'
2010/12/03 14:54:01 ossec-analysisd: INFO: Ignoring file: 'C:\WINDOWS/Prefetch'
2010/12/03 14:54:01 ossec-analysisd: INFO: Ignoring file: 'C:\WINDOWS/PCHEALTH/HELPCTR/DataColl'
2010/12/03 14:54:01 ossec-analysisd: INFO: Ignoring file: 'C:\WINDOWS/SoftwareDistribution'
2010/12/03 14:54:01 ossec-analysisd: INFO: Ignoring file: 'C:\WINDOWS/Temp'
2010/12/03 14:54:01 ossec-analysisd: INFO: Ignoring file: 'C:\WINDOWS/system32/config'
2010/12/03 14:54:01 ossec-analysisd: INFO: Ignoring file: 'C:\WINDOWS/system32/spool'
2010/12/03 14:54:01 ossec-analysisd: INFO: Ignoring file: 'C:\WINDOWS/system32/CatRoot'
2010/12/03 14:54:01 ossec-remoted: INFO: Started (pid: 27818).
2010/12/03 14:54:01 ossec-analysisd: INFO: Started (pid: 27808).
2010/12/03 14:54:01 ossec-remoted(4111): INFO: Maximum number of agents allowed: '256'.
2010/12/03 14:54:01 ossec-remoted(1410): INFO: Reading authentication keys file.
2010/12/03 14:54:01 ossec-remoted: INFO: No previous counter available for 'tumainb'.
2010/12/03 14:54:01 ossec-remoted: INFO: Assigning counter for agent tumainb: '0:0'.
2010/12/03 14:54:01 ossec-remoted: INFO: No previous sender counter.
2010/12/03 14:54:01 ossec-remoted: INFO: Assigning sender counter: 0:0
2010/12/03 14:54:01 ossec-monitord: INFO: Started (pid: 27828).
2010/12/03 14:54:05 ossec-syscheckd: INFO: Started (pid: 27824).
2010/12/03 14:54:05 ossec-rootcheck: INFO: Started (pid: 27824).
2010/12/03 14:54:05 ossec-syscheckd: INFO: Monitoring directory: '/etc'.
2010/12/03 14:54:05 ossec-syscheckd: INFO: Monitoring directory: '/usr/bin'.
2010/12/03 14:54:05 ossec-syscheckd: INFO: Monitoring directory: '/usr/sbin'.
2010/12/03 14:54:05 ossec-syscheckd: INFO: Monitoring directory: '/bin'.
2010/12/03 14:54:05 ossec-syscheckd: INFO: Monitoring directory: '/sbin'.
2010/12/03 14:54:07 ossec-logcollector(1950): INFO: Analyzing file: '/var/log/messages'.
2010/12/03 14:54:07 ossec-logcollector(1950): INFO: Analyzing file: '/var/log/secure'.
2010/12/03 14:54:07 ossec-logcollector(1950): INFO: Analyzing file: '/var/log/maillog'.
2010/12/03 14:54:07 ossec-logcollector: INFO: Started (pid: 27812).
2010/12/03 14:54:26 ossec-maild(1223): ERROR: Error Sending email to 172.16.128.143 (smtp server)
2010/12/03 14:55:07 ossec-syscheckd: INFO: Starting syscheck scan (forwarding database).
2010/12/03 14:55:07 ossec-syscheckd: INFO: Starting syscheck database (pre-scan).
2010/12/03 15:08:27 ossec-syscheckd: INFO: Finished creating syscheck database (pre-scan completed).
2010/12/03 15:08:39 ossec-syscheckd: INFO: Ending syscheck scan (forwarding database).
2010/12/03 15:08:59 ossec-rootcheck: INFO: Starting rootcheck scan.
2010/12/03 15:10:21 ossec-maild(1223): ERROR: Error Sending email to 172.16.128.143 (smtp server)
2010/12/03 15:49:13 ossec-rootcheck: INFO: Ending rootcheck scan.