That was it: it was a typo and a stray closing tag in local_rules.xml. Everything works beautifully now. Tomorrow I'll begin upgrading all the clients to 2.6-Beta.
- Trey

On Jun 9, 1:23 pm, "dan (ddp)" <[email protected]> wrote:
> There's probably an error in your configuration, or a missing
> rule/decoder somewhere.
> try "ossec-logtest -t" or the configuration verifier.
>
> On Thu, Jun 9, 2011 at 10:37 AM, treydock <[email protected]> wrote:
> > I just upgraded my OSSEC Server to the recent 2.6-Beta release. The
> > install went very smoothly, and worked up until a point. The services
> > all started fine, but I had to go in and comment out the decoders/
> > rules (active-response notification) that were now integrated into
> > OSSEC, and upon attempting to restart ossec I get errors that the
> > Queue is not accessible. Here's the output...
> >
> > Starting OSSEC HIDS v2.6 (by Trend Micro Inc.)...
> > 127
> > Started ossec-csyslogd...
> > Started ossec-maild...
> > Started ossec-execd...
> > Started ossec-analysisd...
> > Started ossec-logcollector...
> > Started ossec-remoted...
> > 2011/06/09 09:33:26 ossec-syscheckd(1210): ERROR: Queue '/var/ossec/queue/ossec/queue' not accessible: 'Connection refused'.
> > 2011/06/09 09:33:26 ossec-rootcheck(1210): ERROR: Queue '/var/ossec/queue/ossec/queue' not accessible: 'Connection refused'.
> > 2011/06/09 09:33:34 ossec-syscheckd(1210): ERROR: Queue '/var/ossec/queue/ossec/queue' not accessible: 'Connection refused'.
> > 2011/06/09 09:33:34 ossec-rootcheck(1210): ERROR: Queue '/var/ossec/queue/ossec/queue' not accessible: 'Connection refused'.
> > 2011/06/09 09:33:47 ossec-syscheckd(1210): ERROR: Queue '/var/ossec/queue/ossec/queue' not accessible: 'Connection refused'.
> > 2011/06/09 09:33:47 ossec-rootcheck(1211): ERROR: Unable to access queue: '/var/ossec/queue/ossec/queue'. Giving up..
> >
> > Here's that directory...
> >
> > $ ls -la queue/ossec/
> > total 8
> > drwxrwx--- 2 ossec ossec 4096 Jun 9 09:23 .
> > dr-xr-x--- 11 root ossec 4096 Feb 25 09:24 ..
> > srw-rw---- 1 ossec ossec 0 Jun 9 09:23 queue
> >
> > I tried removing the queue and restarting but then it fails that queue
> > is not found.
> >
> > Thanks
> > - Trey
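
The root cause in this thread was a stray closing tag in local_rules.xml. The following is an added example, not part of the original messages and not OSSEC code: a small pre-restart check that reports the line of the first unbalanced or misspelled tag in a rules file. It assumes the file is strict XML apart from having several top-level elements; OSSEC's own parser is more lenient, so `ossec-logtest -t` remains the authoritative test. The function name and the sample rules are constructed for illustration.

```python
import sys
import xml.parsers.expat

# Constructed sample: a rules fragment with a stray closing </rule> on line 6.
BROKEN = """<group name="local,">
  <rule id="100001" level="5">
    <if_sid>5716</if_sid>
    <description>Constructed sample rule</description>
  </rule>
  </rule>
</group>
"""

# The same fragment with the stray tag removed.
GOOD = BROKEN.replace("  </rule>\n  </rule>\n", "  </rule>\n")


def check_rules_xml(text):
    """Return None if the rules text is well-formed, else (line, message).

    Rule files may contain several top-level <group> elements, which a
    strict XML parser rejects, so the text is wrapped in a synthetic root.
    The wrapper is put on the same line as the first line of the file so
    that reported line numbers match the file.
    """
    parser = xml.parsers.expat.ParserCreate()
    try:
        parser.Parse("<wrapper>" + text + "</wrapper>", True)
    except xml.parsers.expat.ExpatError as exc:
        return (exc.lineno, xml.parsers.expat.ErrorString(exc.code))
    return None


if __name__ == "__main__":
    # Usage: python check_rules.py <path to a rules file>
    # With no argument, the constructed broken sample is checked instead.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            content = fh.read()
    else:
        content = BROKEN
    problem = check_rules_xml(content)
    if problem:
        print("line %d: %s" % problem)
        sys.exit(1)
    print("well-formed")
```
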
