I just upgraded my OSSEC Server to the recent 2.6-Beta release.  The
install went very smoothly, and worked up until a point.  The services
all started fine, but I had to go in and comment out the decoders/rules
(active-response notification) that were now integrated into
OSSEC, and upon attempting to restart ossec I get errors that the
Queue is not accessible.  Here's the output...


Starting OSSEC HIDS v2.6 (by Trend Micro Inc.)...
127
Started ossec-csyslogd...
Started ossec-maild...
Started ossec-execd...
Started ossec-analysisd...
Started ossec-logcollector...
Started ossec-remoted...
2011/06/09 09:33:26 ossec-syscheckd(1210): ERROR: Queue '/var/ossec/queue/ossec/queue' not accessible: 'Connection refused'.
2011/06/09 09:33:26 ossec-rootcheck(1210): ERROR: Queue '/var/ossec/queue/ossec/queue' not accessible: 'Connection refused'.
2011/06/09 09:33:34 ossec-syscheckd(1210): ERROR: Queue '/var/ossec/queue/ossec/queue' not accessible: 'Connection refused'.
2011/06/09 09:33:34 ossec-rootcheck(1210): ERROR: Queue '/var/ossec/queue/ossec/queue' not accessible: 'Connection refused'.
2011/06/09 09:33:47 ossec-syscheckd(1210): ERROR: Queue '/var/ossec/queue/ossec/queue' not accessible: 'Connection refused'.
2011/06/09 09:33:47 ossec-rootcheck(1211): ERROR: Unable to access queue: '/var/ossec/queue/ossec/queue'. Giving up..


Here's that directory...


$ ls -la queue/ossec/
total 8
drwxrwx---  2 ossec ossec 4096 Jun  9 09:23 .
dr-xr-x--- 11 root  ossec 4096 Feb 25 09:24 ..
srw-rw----  1 ossec ossec    0 Jun  9 09:23 queue


I tried removing the queue and restarting but then it fails that queue
is not found.

Thanks
- Trey
