it is telling you that ossec either crashed or failed to start.
On 12/03/2010 01:27 PM, Nicholas Ritter wrote:
I started getting queue and connection errors on my ossec 2.5.1 server
that I can't seem to resolve. I tried a solution on the FAQ, but that
only temporarily fixed the error. Here is a sample of the ossec.log file:
2010/12/03 12:17:34 ossec-logcollector: INFO: (unix_domain) Maximum send buffer set to: '110592'.
2010/12/03 12:17:34 ossec-logcollector: DEBUG: Entering LogCollectorStart().
2010/12/03 12:17:34 ossec-logcollector: INFO: Started (pid: 4583).
2010/12/03 12:18:24 ossec-remoted: socketerr (not available).
2010/12/03 12:18:24 ossec-remoted(1210): ERROR: Queue '/queue/ossec/queue' not accessible: 'Connection refused'.
2010/12/03 12:18:27 ossec-remoted(1210): ERROR: Queue '/queue/ossec/queue' not accessible: 'Connection refused'.
2010/12/03 12:18:27 ossec-remoted(1211): ERROR: Unable to access queue: '/queue/ossec/queue'. Giving up..
2010/12/03 12:18:34 ossec-syscheckd: INFO: Starting syscheck scan (forwarding database).
2010/12/03 12:18:34 ossec-syscheckd: socketerr (not available).
2010/12/03 12:18:34 ossec-syscheckd(1224): ERROR: Error sending message to queue.
2010/12/03 12:18:37 ossec-syscheckd(1210): ERROR: Queue '/var/ossec/queue/ossec/queue' not accessible: 'Connection refused'.
2010/12/03 12:18:37 ossec-syscheckd(1211): ERROR: Unable to access queue: '/var/ossec/queue/ossec/queue'. Giving up..
2010/12/03 12:19:49 ossec-logcollector: socketerr (not available).
2010/12/03 12:22:05 ossec-logcollector: socketerr (not available).
2010/12/03 12:24:21 ossec-logcollector: socketerr (not available).
The ossec server was working fine, the only change made to it recently
was my adding some rules to the local rules xml file that changed
thresholding, etc. During those rule edits, I had some issues that
popped up with the rules themselves due to syntax errors (which were
reported during ossec service restart).
I am running OSSEC 2.5.1 on CentOS 5.5. The log above is with
debugging set to 2. The only thing I have tried so far is doing an
ossec server restart and checking to make sure there were no stale pid
files.
Any suggestions?
--
R. Loyd Darby, OSSIM-OCSE
Project Manager DOC/NOAA/NMFS
Infrastructure coordinator
Southeast Fisheries Science Center
305-361-4297
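
Added example, not part of the original thread and not OSSEC project code: a small triage of an ossec.log excerpt like the one quoted above, which rejoins mail-wrapped entries, counts queue errors per daemon and lists which daemons logged a start. It relies on a fact the thread does not state, that on an OSSEC server ossec-analysisd is the process listening on queue/ossec/queue; the function names and the check_analysisd field are hypothetical.

```python
import re
from collections import Counter
# Constructed sample: entries taken from the post above, e-mail wrapping kept.
SAMPLE_LOG = """\
2010/12/03 12:17:34 ossec-logcollector: INFO: Started (pid: 4583).
2010/12/03 12:18:24 ossec-remoted: socketerr (not available).
2010/12/03 12:18:24 ossec-remoted(1210): ERROR: Queue
'/queue/ossec/queue' not accessible: 'Connection refused'.
2010/12/03 12:18:27 ossec-remoted(1211): ERROR: Unable to access
queue: '/queue/ossec/queue'. Giving up..
2010/12/03 12:18:34 ossec-syscheckd(1224): ERROR: Error sending
message to queue.
2010/12/03 12:18:37 ossec-syscheckd(1211): ERROR: Unable to access
queue: '/var/ossec/queue/ossec/queue'. Giving up..
2010/12/03 12:19:49 ossec-logcollector: socketerr (not available).
"""

STAMP = re.compile(r"^\d{4}/\d\d/\d\d \d\d:\d\d:\d\d ")
ENTRY = re.compile(r"^\S+ \S+ (ossec-[\w-]+)(?:\(\d+\))?: (.*)$")

def unwrap(text):
    """Rejoin entries that a mail client wrapped onto continuation lines."""
    entries = []
    for line in text.splitlines():
        if STAMP.match(line) or not entries:
            entries.append(line.strip())
        else:
            entries[-1] += " " + line.strip()
    return entries

def triage(text):
    started, errors, gave_up = set(), Counter(), set()
    for entry in unwrap(text):
        m = ENTRY.match(entry)
        if not m:
            continue
        daemon, msg = m.groups()
        if "Started (pid:" in msg:
            started.add(daemon)
        if "socketerr" in msg or (msg.startswith("ERROR") and "queue" in msg.lower()):
            errors[daemon] += 1
        if "Giving up" in msg:
            gave_up.add(daemon)
    # Assumption: analysisd owns the queue socket. Queue errors with no start line
    # for it are a hint only, since an excerpt may simply omit that line.
    hint = bool(errors) and "ossec-analysisd" not in started
    return {"started": sorted(started), "queue_errors": dict(errors),
            "gave_up": sorted(gave_up), "check_analysisd": hint}
```

When check_analysisd is true, /var/ossec/bin/ossec-control status shows whether ossec-analysisd is actually running.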