Hi there, Put debug mode and review the logs to identify the error , probably some rule is having problems loading up . I saw this same error on an AIX installation and the complaining rules were some Microsoft and McAfee . Comment them out in ossec.conf and try again .
Let me know if that helps . Cheers On Mon, Oct 3, 2011 at 12:36 PM, AlgoBoy <[email protected]> wrote: > Hi all, > > I ran the below command, but ossec doesn't seem to start. > > ./bin/ossec-control start > > Starting OSSEC HIDS v2.5.1 (by Trend Micro Inc.)... > 2011/10/03 09:16:23 ossec-testrule: INFO: Reading local decoder file. > Deleting PID file '/var/ossec/var/run/ossec-logcollector-16071.pid' > not used... > Deleting PID file '/var/ossec/var/run/ossec-analysisd-16066.pid' not > used... > ossec-maild already running... > ossec-execd already running... > Started ossec-analysisd... > Started ossec-logcollector... > 2011/10/03 09:16:27 ossec-syscheckd(1210): ERROR: Queue '/var/ossec/ > queue/ossec/queue' not accessible: 'Connection refused'. > 2011/10/03 09:16:27 ossec-rootcheck(1210): ERROR: Queue '/var/ossec/ > queue/ossec/queue' not accessible: 'Connection refused'. > 2011/10/03 09:16:35 ossec-syscheckd(1210): ERROR: Queue '/var/ossec/ > queue/ossec/queue' not accessible: 'Connection refused'. > 2011/10/03 09:16:35 ossec-rootcheck(1210): ERROR: Queue '/var/ossec/ > queue/ossec/queue' not accessible: 'Connection refused'. > 2011/10/03 09:16:48 ossec-syscheckd(1210): ERROR: Queue '/var/ossec/ > queue/ossec/queue' not accessible: 'Connection refused'. > 2011/10/03 09:16:48 ossec-rootcheck(1211): ERROR: Unable to access > queue: '/var/ossec/queue/ossec/queue'. Giving up.. >
