Even though you resolved the issue, could you please tell us what the faulty configuration was?
On Thu, Feb 11, 2010 at 11:21 AM, Ozgur Ozdemircili < [email protected]> wrote: > Hi mike, > > I did. It gave me the same output. While working on it I noticed the > problem disappears when I remove the newly added rules from ossec.conf > > Removing the probably "Faulty" rules I got it working again. > > Thanks > > Özgür Özdemircili > > > > > On Wed, Feb 10, 2010 at 3:33 PM, Mike Sievers > <[email protected]> wrote: > > please look at ossec.log > > > > Mike > > > > On 10 Feb., 10:05, Ozgur Ozdemircili <[email protected]> > > wrote: > >> The installation of Ossec went well, yet when I restart the server / > >> var/ossec/bin/ossec-control restart It comes up with the following > >> error: > >> > >> 2010/02/10 10:00:06 ossec-syscheckd(1210): ERROR: Queue '/var/ossec/ > >> queue/ossec/queue' not accessible: 'Connection refused'. > >> 2010/02/10 10:00:06 ossec-rootcheck(1210): ERROR: Queue '/var/ossec/ > >> queue/ossec/queue' not accessible: 'Connection refused'. > >> 2010/02/10 10:00:14 ossec-syscheckd(1210): ERROR: Queue '/var/ossec/ > >> queue/ossec/queue' not accessible: 'Connection refused'. > >> 2010/02/10 10:00:14 ossec-rootcheck(1210): ERROR: Queue '/var/ossec/ > >> queue/ossec/queue' not accessible: 'Connection refused'. > >> 2010/02/10 10:00:27 ossec-syscheckd(1210): ERROR: Queue '/var/ossec/ > >> queue/ossec/queue' not accessible: 'Connection refused'. > >> 2010/02/10 10:00:27 ossec-rootcheck(1211): ERROR: Unable to access > >> queue: '/var/ossec/queue/ossec/queue'. Giving up.. > >> > >> When I do : > >> ps -ef | grep ossec > >> > >> ossecm 6379 1 0 10:00 ? 00:00:00 /var/ossec/bin/ossec- > >> maild > >> > >> Only maild is running. > >> > >> And the permissions are just right: > >> > >> dr-xr-x--- 11 root ossec 4096 Feb 10 09:16 . > >> dr-xr-x--- 13 root ossec 4096 Feb 10 09:16 .. > >> drwxr-xr-x 2 ossecr ossec 4096 Feb 10 09:18 agent-info > >> drwxr-xr-x 2 ossec ossec 4096 Feb 10 09:16 agentless > >> drwxrwx--- 2 ossec ossec 4096 Feb 10 10:00 alerts > >> drwxr-x--- 2 ossec ossec 4096 Feb 10 09:16 diff > >> drwxr-x--- 2 ossec ossec 4096 Feb 10 09:18 fts > >> drwxrwx--- 2 ossec ossec 4096 Feb 10 09:37 ossec > >> drwxr-xr-x 2 ossecr ossec 4096 Feb 10 09:18 rids > >> drwxr-x--- 2 ossec ossec 4096 Feb 10 09:24 rootcheck > >> drwxr-x--- 2 ossec ossec 4096 Feb 10 09:24 syscheck > >> > >> Anyone had the problem before? I cannot get it to start. > >> > >> Ozgur > > >
