On Mon, Apr 10, 2017 at 2:46 PM, Anoop Perayil <urdudean...@gmail.com> wrote:
> I am running OSSEC on a Security Onion build Ubuntu 14.04.5 LTS.
> The issue started after I added in more disk since I ran out of space in /
>

I really wish SO would partition their system properly. Big /, nothing else
is very annoying.
Check permissions. Maybe things didn't copy over properly?

> On Monday, 10 April 2017 23:52:07 UTC+5:30, Joshua Gimer wrote:
>>
>> Do you have SELinux running in an enforcing mode? What is the output of
>> sestatus?
>>
>> Josh
>>
>> On Wed, Oct 12, 2016 at 8:58 AM, Kernel Panic <netwar...@gmail.com> wrote:
>>>
>>> Really do not know, just installed it from repo and tried to start the
>>> service.
>>>
>>> Thanks
>>> Regards
>>>
>>> On Tuesday, 11 October 2016, 15:22:03 (UTC-3), Kernel Panic
>>> wrote:
>>>>
>>>> Hi guys,
>>>> Yes, I've been reading about the error on the list, lots of cases, and
>>>> I got it too, but I ran out of ideas.
>>>>
>>>> The log:
>>>>
>>>> 2016/10/11 13:04:40 ossec-syscheckd(1210): ERROR: Queue
>>>> '/var/ossec/queue/ossec/queue' not accessible: 'Connection refused'.
>>>> 2016/10/11 13:04:40 ossec-rootcheck(1210): ERROR: Queue
>>>> '/var/ossec/queue/ossec/queue' not accessible: 'Connection refused'.
>>>> 2016/10/11 13:04:46 ossec-logcollector(1210): ERROR: Queue
>>>> '/var/ossec/queue/ossec/queue' not accessible: 'Connection refused'.
>>>> 2016/10/11 13:04:46 ossec-logcollector(1211): ERROR: Unable to access
>>>> queue: '/var/ossec/queue/ossec/queue'. Giving up..
>>>> 2016/10/11 13:04:48 ossec-syscheckd(1210): ERROR: Queue
>>>> '/var/ossec/queue/ossec/queue' not accessible: 'Connection refused'.
>>>> 2016/10/11 13:04:48 ossec-rootcheck(1210): ERROR: Queue
>>>> '/var/ossec/queue/ossec/queue' not accessible: 'Connection refused'.
>>>> 2016/10/11 13:05:01 ossec-syscheckd(1210): ERROR: Queue
>>>> '/var/ossec/queue/ossec/queue' not accessible: 'Connection refused'.
>>>> 2016/10/11 13:05:01 ossec-rootcheck(1211): ERROR: Unable to access
>>>> queue: '/var/ossec/queue/ossec/queue'. Giving up..
>>>>
>>>> The queue
>>>> srw-rw----. 1 ossec ossec 0 Oct 11 13:04 /var/ossec/queue/ossec/queue
>>>>
>>>> Also read that the local_rules may have issues; tested with -t and no
>>>> errors displayed, also with xmllint
>>>>
>>>> xmllint local_rules.xml
>>>> <?xml version="1.0"?>
>>>> --SNIP-
>>>> </group>
>>>> <!-- SYSLOG,LOCAL -->
>>>> <!-- EOF -->
>>>>
>>>> There is also a file under /var/ossec/etc/decoder.xml that seems not
>>>> good, is that correct?
>>>> xmllint decoder.xml
>>>> decoder.xml:52: parser error : Extra content at the end of the document
>>>> <decoder name="pam">
>>>> ^
>>>>
>>>> And found this:
>>>>
>>>> xmllint ossec.conf
>>>> ossec.conf:74: parser error : Comment not terminated
>>>> <!-- Frequency that syscheck is executed
>>>> <!-- Frequency that syscheck is executed -- default every 20 hours
>>>> -->
>>>>
>>>> Line 74, what's missing here?
>>>>
>>>> <syscheck>
>>>> <!-- Frequency that syscheck is executed -- default every 20 hours
>>>> -->
>>>> <frequency>72000</frequency>
>>>>
>>>> ossec-hids-2.8.3-53.el6.art.x86_64
>>>> ossec-hids-server-2.8.3-53.el6.art.x86_64
>>>> ossec-wui-0.8-4.el6.art.noarch
>>>>
>>>> Thanks for your time and support
>>>> Regards
>>>>
>>
>> --
>> Thanks,
>> Joshua Gimer
>>
>> ---------------------------
>>
>> http://www.linkedin.com/in/jgimer
>> http://twitter.com/jgimer
>
--

---
You received this message because you are subscribed to the Google Groups "ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
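
A probe for the queue error quoted in this thread, added here as an example and not written by anyone in the thread or by the OSSEC project: it separates a missing socket file, a permission problem, and a socket file with no process bound to it (the 'Connection refused' case). The function name `probe_queue` and the status strings are made up for the example, and it assumes the queue is a Unix datagram socket.

```python
import os
import socket
import stat

# Path taken from the log lines quoted in the thread.
QUEUE_PATH = "/var/ossec/queue/ossec/queue"


def probe_queue(path):
    """Classify why a Unix-domain queue socket is (not) reachable.

    Returns (status, detail); status is one of:
    ok, missing, denied, not-a-socket, no-listener.
    """
    try:
        st = os.stat(path)
    except FileNotFoundError:
        return "missing", "socket file does not exist"
    except PermissionError:
        return "denied", "cannot traverse a parent directory"

    if not stat.S_ISSOCK(st.st_mode):
        return "not-a-socket", "path exists but is " + stat.filemode(st.st_mode)

    # Mode and numeric owner, comparable with the 'ls -l' line in the thread.
    meta = "%s uid=%d gid=%d" % (stat.filemode(st.st_mode), st.st_uid, st.st_gid)

    # Assumption: the queue is a datagram socket, so SOCK_DGRAM is used here.
    s = socket.socket(socket.AF_UNIX, socket.SOCK_DGRAM)
    try:
        s.connect(path)
    except ConnectionRefusedError:
        # The file is a socket, but no running process is bound to it.
        return "no-listener", "stale socket file, nothing bound (" + meta + ")"
    except PermissionError:
        # File mode, ownership or a MAC policy blocks this user.
        return "denied", "connect not permitted (" + meta + ")"
    finally:
        s.close()
    return "ok", "a process is bound to the socket (" + meta + ")"


if __name__ == "__main__":
    status, detail = probe_queue(QUEUE_PATH)
    print("%s: %s: %s" % (QUEUE_PATH, status, detail))
```

Run it as the user the OSSEC daemons run as; as root, the permission checks never fail and a `denied` result cannot appear.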