There's probably an error in your configuration, or a missing rule/decoder somewhere. try "ossec-logtest -t" or the configuration verifier.
On Thu, Jun 9, 2011 at 10:37 AM, treydock <[email protected]> wrote: > I just upgraded my OSSEC Server to the recent 2.6-Beta release. The > install went very smoothly, and worked up until a point. The services > all started fine, but I had to go in and comment out the decoders/ > rules (active-response notification) that were now integrated into > OSSEC, and upon attempting to restart ossec I get errors that the > Queue is not accessible. Here's the output... > > > Starting OSSEC HIDS v2.6 (by Trend Micro Inc.)... > 127 > Started ossec-csyslogd... > Started ossec-maild... > Started ossec-execd... > Started ossec-analysisd... > Started ossec-logcollector... > Started ossec-remoted... > 2011/06/09 09:33:26 ossec-syscheckd(1210): ERROR: Queue '/var/ossec/ > queue/ossec/queue' not accessible: 'Connection refused'. > 2011/06/09 09:33:26 ossec-rootcheck(1210): ERROR: Queue '/var/ossec/ > queue/ossec/queue' not accessible: 'Connection refused'. > 2011/06/09 09:33:34 ossec-syscheckd(1210): ERROR: Queue '/var/ossec/ > queue/ossec/queue' not accessible: 'Connection refused'. > 2011/06/09 09:33:34 ossec-rootcheck(1210): ERROR: Queue '/var/ossec/ > queue/ossec/queue' not accessible: 'Connection refused'. > 2011/06/09 09:33:47 ossec-syscheckd(1210): ERROR: Queue '/var/ossec/ > queue/ossec/queue' not accessible: 'Connection refused'. > 2011/06/09 09:33:47 ossec-rootcheck(1211): ERROR: Unable to access > queue: '/var/ossec/queue/ossec/queue'. Giving up.. > > > Here's that directory... > > > $ ls -la queue/ossec/ > total 8 > drwxrwx--- 2 ossec ossec 4096 Jun 9 09:23 . > dr-xr-x--- 11 root ossec 4096 Feb 25 09:24 .. > srw-rw---- 1 ossec ossec 0 Jun 9 09:23 queue > > > I tried removing the queue and restarting but then it fails that queue > is not found. > > Thanks > - Trey
