Do you have another application listening on 1514? That's what usually causes the "Unable to Bind port" error as discussed in the wiki:
http://www.ossec.net/wiki/index.php/Know_How:Syslog_Config On 5/4/07, Nanxuan Xu <[EMAIL PROTECTED]> wrote:
Hi: When I installed the "client-server" model, I ran into this question in the "ossec.log" file. Could someone tell me what the reason is? Below is the last few lines in "ossec.log" file: 2007/05/04 14:43:12 ossec-analysisd: White listing IP: '127.0.0.1' 2007/05/04 14:43:12 ossec-analysisd: White listing IP: 'xxx' 2007/05/04 14:43:12 ossec-analysisd: White listing IP: 'xxx' 2007/05/04 14:43:12 ossec-analysisd: 3 IPs in the white list for active response. 2007/05/04 14:43:12 ossec-analysisd: White listing Hostname: 'localhost.localdomain' 2007/05/04 14:43:12 ossec-analysisd: White listing Hostname: 'xxx' 2007/05/04 14:43:12 ossec-analysisd: 2 Hostname(s) in the white list for active response. 2007/05/04 14:43:12 ossec-analysisd: Started (pid: 19842). 2007/05/04 14:43:12 ossec-remoted(1206): Unable to Bind port '1514' 2007/05/04 14:43:13 ossec-monitord: Started (pid: 19863). 2007/05/04 14:43:15 ossec-syscheckd: Started (pid: 19859). 2007/05/04 14:43:18 ossec-logcollector(1950): Analyzing file: '/var/log/messages'. 2007/05/04 14:43:18 ossec-logcollector(1950): Analyzing file: '/var/log/auth.log'. 2007/05/04 14:43:18 ossec-logcollector(1950): Analyzing file: '/var/log/syslog'. 2007/05/04 14:43:18 ossec-logcollector(1950): Analyzing file: '/var/log/mail.info'. 2007/05/04 14:43:18 ossec-logcollector: Started (pid: 19846). 2007/05/04 14:43:21 ossec-analysisd(1210): Queue '/queue/alerts/ar' not accessible. 2007/05/04 14:43:36 ossec-analysisd(1301): Unable to connect to active response queue. 2007/05/04 14:43:36 ossec-analysisd: Connected to '/queue/alerts/execq' (exec queue) ________________________________ 8:00? 8:25? 8:40? Find a flick in no time with theYahoo! Search movie showtime shortcut.
