Hi Steve,
Which operating system are you using? I tried to reproduce it on multiple systems (including solaris 10, Fedora, Ubuntu, OpenBSD and Windows) without success. Do you have something like SELinux that can do restrict system access? I remember in the past that someone had SELinux enabled and it was blocking some socket connections from ossec... Thanks, -- Daniel B. Cid dcid ( at ) ossec.net On 10/18/06, Steve <[EMAIL PROTECTED]> wrote:
Hi all, Sorry to drag this up from the depths, but I am having the same problem, and was wondering what the workaround is? I am running the latest snap (061017), and definitely have an agent (which obviously cannot connect). I have setup all the permissions as per the wiki. Stopped restarted, and I still get: 2006/10/18 22:20:20 ossec-analysisd(1210): Queue '/queue/alerts/ar' not accessible. 2006/10/18 22:20:35 ossec-analysisd(1301): Unable to connect to active response queue. 2006/10/18 22:20:35 ossec-analysisd: Connected to '/queue/alerts/execq' (exec queue) Any help would be greatly appreciated. Steve Richard Hopkins wrote: > Hi, > > Sorry to have to report that the new version has exactly the same problems > as previous versions (and the same workaround still works). > > Richard > > --On 27 September 2006 13:57 +0100 Richard Hopkins > <[EMAIL PROTECTED]> wrote: > > > > > > > Hi Daniel, > > > > Sorry, but I've been off for a couple of weeks and have only just got > > around to catching up on the list email. I've not had a chance to check > > out the new (0.9-2) release yet but will hopefully do so tomorrow. I'll > > report back. > > > > Cheers, > > > > Richard > > > > --On 10 September 2006 11:21 -0300 Daniel Cid <[EMAIL PROTECTED]> > > wrote: > > > >> > >> Hi Colby and Richard, > >> > >> Can you try the latest snapshot? It should have fixed this problem > >> (permission > >> issues)... > >> > >> http://www.ossec.net/files/snapshots/ossec-hids-060910.tar.gz > >> > >> *just choose the update option during the install. No need to > >> reinstall everything. > >> > >> Thanks, > >> > >> -- > >> Daniel B. Cid > >> dcid ( at ) ossec.net > >> > >> > >> > >> On 9/10/06, Colby W <[EMAIL PROTECTED]> wrote: > >>> > >>> Richard, > >>> > >>> Did you ever get this resolved? > >>> > >>> I am experiencing the same problem with my install of ossec except I am > >>> using Debian Linux, not Solaris. > >>> > >>> I tried strace [-f] /usr/local/ossec/bin/ossec-remoted but it was not > >>> successful at starting remoted. > >>> > >>> Richard Hopkins wrote: > >>> > >>> > Restarted: > >>> > > >>> > shark# ./ossec-control start > >>> > Starting OSSEC HIDS v0.9-1 (by Daniel B. Cid)... > >>> > Started ossec-maild... > >>> > Started ossec-execd... > >>> > Started ossec-analysisd... > >>> > Started ossec-logcollector... > >>> > Started ossec-remoted... > >>> > Started ossec-syscheckd... > >>> > Completed. > >>> > > >>> > Checked its status: > >>> > > >>> > shark# ./ossec-control status > >>> > ossec-logcollector is running... > >>> > ossec-remoted not running... > >>> > ossec-syscheckd is running... > >>> > ossec-analysisd is running... > >>> > ossec-maild is running... > >>> > ossec-execd is running... > >>> > > >>> > Checked that ossec-remoted really wasn't running: > >>> > > >>> > shark# ps -ef | grep remoted > >>> > root 7586 626 0 15:41:26 pts/4 0:00 grep remoted > >>> > > >>> > > >>> > Same error logged: > >>> > > >>> > 2006/08/25 15:40:50 ossec-remoted: Started (pid: 7553). > >>> > 2006/08/25 15:40:50 ossec-remoted: Started (pid: 7555). > >>> > 2006/08/25 15:40:50 ossec-remoted(1210): Queue '/queue/alerts/ar' not > >>> > accessible. > >>> > > >>> > I just tried (with it stopped) removing and recreating the > >>> > queue/alerts directory but with the same startup problem. > >>> > > >>> > (truss -f to the rescue) > >>> > > >>> > Is there anyone out there running a server installation under Solaris > >>> > 9 who isn't having this problem (is there anyone out there....having > >>> > this same problem)? > >>> > > >>> > Cheers, > >>> > > >>> > Richard > >>> > >>> > >> > >> > > > > > > > > Richard Hopkins, > Information Services, > Computer Centre, > University of Bristol, > Bristol, BS8 1UD, UK > > Tel +44 117 928 7859 > Fax +44 117 929 1576
