[ossec-list] Re: Problems with (re)starting ossec-remoted (Solaris)

Thu, 28 Sep 2006 04:01:10 -0700 


Hi,


Sorry to have to report that the new version has exactly the same problems 
as previous versions (and the same workaround still works).


Richard


--On 27 September 2006 13:57 +0100 Richard Hopkins 
<[EMAIL PROTECTED]> wrote:





Hi Daniel,

  Sorry, but I've been off for a couple of weeks and have only just got
around to catching up on the list email. I've not had a chance to check
out the new (0.9-2) release yet but will hopefully do so tomorrow. I'll
report back.

Cheers,

Richard

--On 10 September 2006 11:21 -0300 Daniel Cid <[EMAIL PROTECTED]>
wrote:



Hi Colby and Richard,

Can you try the latest snapshot? It should have fixed this problem
(permission
issues)...

http://www.ossec.net/files/snapshots/ossec-hids-060910.tar.gz

*just choose the update option during the install. No need to
reinstall everything.

Thanks,

--
Daniel B. Cid
dcid ( at ) ossec.net



On 9/10/06, Colby W <[EMAIL PROTECTED]> wrote:


Richard,

Did you ever get this resolved?

I am experiencing the same problem with my install of ossec except I am
using Debian Linux, not Solaris.

I tried strace [-f] /usr/local/ossec/bin/ossec-remoted but it was not
successful at starting remoted.

Richard Hopkins wrote:

> Restarted:
>
> shark# ./ossec-control start
> Starting OSSEC HIDS v0.9-1 (by Daniel B. Cid)...
> Started ossec-maild...
> Started ossec-execd...
> Started ossec-analysisd...
> Started ossec-logcollector...
> Started ossec-remoted...
> Started ossec-syscheckd...
> Completed.
>
> Checked its status:
>
> shark# ./ossec-control status
> ossec-logcollector is running...
> ossec-remoted not running...
> ossec-syscheckd is running...
> ossec-analysisd is running...
> ossec-maild is running...
> ossec-execd is running...
>
> Checked that ossec-remoted really wasn't running:
>
> shark# ps -ef | grep remoted
>     root  7586   626  0 15:41:26 pts/4    0:00 grep remoted
>
>
> Same error logged:
>
> 2006/08/25 15:40:50 ossec-remoted: Started (pid: 7553).
> 2006/08/25 15:40:50 ossec-remoted: Started (pid: 7555).
> 2006/08/25 15:40:50 ossec-remoted(1210): Queue '/queue/alerts/ar' not
> accessible.
>
> I just tried (with it stopped) removing and recreating the
> queue/alerts directory but with the same startup problem.
>
> (truss -f to the rescue)
>
> Is there anyone out there running a server installation under Solaris
> 9 who isn't having this problem (is there anyone out there....having
> this same problem)?
>
> Cheers,
>
> Richard












Richard Hopkins,
Information Services,
Computer Centre,
University of Bristol,
Bristol, BS8 1UD, UK

Tel +44 117 928 7859
Fax +44 117 929 1576























					Reply via email to