I started getting queue and connection errors on my ossec 2.5.1 server that I can't seem to resolved. I tried a solution on the FAQ, but that only temp. fixed the error. Here is a sample of the ossec.log file:
2010/12/03 12:17:34 ossec-logcollector: INFO: (unix_domain) Maximum send buffer set to: '110592'. 2010/12/03 12:17:34 ossec-logcollector: DEBUG: Entering LogCollectorStart(). 2010/12/03 12:17:34 ossec-logcollector: INFO: Started (pid: 4583). 2010/12/03 12:18:24 ossec-remoted: socketerr (not available). 2010/12/03 12:18:24 ossec-remoted(1210): ERROR: Queue '/queue/ossec/queue' not accessible: 'Connection refused'. 2010/12/03 12:18:27 ossec-remoted(1210): ERROR: Queue '/queue/ossec/queue' not accessible: 'Connection refused'. 2010/12/03 12:18:27 ossec-remoted(1211): ERROR: Unable to access queue: '/queue/ossec/queue'. Giving up.. 2010/12/03 12:18:34 ossec-syscheckd: INFO: Starting syscheck scan (forwarding database). 2010/12/03 12:18:34 ossec-syscheckd: socketerr (not available). 2010/12/03 12:18:34 ossec-syscheckd(1224): ERROR: Error sending message to queue. 2010/12/03 12:18:37 ossec-syscheckd(1210): ERROR: Queue '/var/ossec/queue/ossec/queue' not accessible: 'Connection refused'. 2010/12/03 12:18:37 ossec-syscheckd(1211): ERROR: Unable to access queue: '/var/ossec/queue/ossec/queue'. Giving up.. 2010/12/03 12:19:49 ossec-logcollector: socketerr (not available). 2010/12/03 12:22:05 ossec-logcollector: socketerr (not available). 2010/12/03 12:24:21 ossec-logcollector: socketerr (not available). The ossec server was working fine, the only change made to it recently was I adding some rules to the local rules xml file that changed thresholding, etc. During those rule edits, I had some issues that popped up with the rules themselves do to syntax errors (which reported during ossec service restart) I am running OSSEC 2.5.1 on CentOS 5.5. The log above is with debugging set to 2. The only thing I have tried so far is doing an ossec server restart and checking to make sure there were no stale pid files. Any suggestions?
