I just upgraded my OSSEC Server to the recent 2.6-Beta release. The install went very smoothly, and worked up until a point. The services all started fine, but I had to go in and comment out the decoders/ rules (active-response notification) that were now integrated into OSSEC, and upon attempting to restart ossec I get errors that the Queue is not accessible. Here's the output...
Starting OSSEC HIDS v2.6 (by Trend Micro Inc.)... 127 Started ossec-csyslogd... Started ossec-maild... Started ossec-execd... Started ossec-analysisd... Started ossec-logcollector... Started ossec-remoted... 2011/06/09 09:33:26 ossec-syscheckd(1210): ERROR: Queue '/var/ossec/ queue/ossec/queue' not accessible: 'Connection refused'. 2011/06/09 09:33:26 ossec-rootcheck(1210): ERROR: Queue '/var/ossec/ queue/ossec/queue' not accessible: 'Connection refused'. 2011/06/09 09:33:34 ossec-syscheckd(1210): ERROR: Queue '/var/ossec/ queue/ossec/queue' not accessible: 'Connection refused'. 2011/06/09 09:33:34 ossec-rootcheck(1210): ERROR: Queue '/var/ossec/ queue/ossec/queue' not accessible: 'Connection refused'. 2011/06/09 09:33:47 ossec-syscheckd(1210): ERROR: Queue '/var/ossec/ queue/ossec/queue' not accessible: 'Connection refused'. 2011/06/09 09:33:47 ossec-rootcheck(1211): ERROR: Unable to access queue: '/var/ossec/queue/ossec/queue'. Giving up.. Here's that directory... $ ls -la queue/ossec/ total 8 drwxrwx--- 2 ossec ossec 4096 Jun 9 09:23 . dr-xr-x--- 11 root ossec 4096 Feb 25 09:24 .. srw-rw---- 1 ossec ossec 0 Jun 9 09:23 queue I tried removing the queue and restarting but then it fails that queue is not found. Thanks - Trey
