Hi.. I found the issue. I checked the logs/ossec.log. I found that /var/ossec/queue/fts/fts-queue was not accessible as the owner of the system was not ossec. I did chown and changed it to ossec, and started ossec. It works like a charm.
On Oct 3, 5:31 pm, Αλέξανδρος Σδούκος <[email protected]> wrote:
> Hi there,
>
> Put debug mode and review the logs to identify the error, probably some
> rule is having problems loading up.
> I saw this same error on an AIX installation and the complaining rules were
> some Microsoft and McAfee. Comment them out
> in ossec.conf and try again.
>
> Let me know if that helps.
>
> Cheers
>
> On Mon, Oct 3, 2011 at 12:36 PM, AlgoBoy <[email protected]> wrote:
> > Hi all,
> >
> > I ran the below command, but ossec doesn't seem to start.
> >
> > ./bin/ossec-control start
> >
> > Starting OSSEC HIDS v2.5.1 (by Trend Micro Inc.)...
> > 2011/10/03 09:16:23 ossec-testrule: INFO: Reading local decoder file.
> > Deleting PID file '/var/ossec/var/run/ossec-logcollector-16071.pid' not used...
> > Deleting PID file '/var/ossec/var/run/ossec-analysisd-16066.pid' not used...
> > ossec-maild already running...
> > ossec-execd already running...
> > Started ossec-analysisd...
> > Started ossec-logcollector...
> > 2011/10/03 09:16:27 ossec-syscheckd(1210): ERROR: Queue '/var/ossec/queue/ossec/queue' not accessible: 'Connection refused'.
> > 2011/10/03 09:16:27 ossec-rootcheck(1210): ERROR: Queue '/var/ossec/queue/ossec/queue' not accessible: 'Connection refused'.
> > 2011/10/03 09:16:35 ossec-syscheckd(1210): ERROR: Queue '/var/ossec/queue/ossec/queue' not accessible: 'Connection refused'.
> > 2011/10/03 09:16:35 ossec-rootcheck(1210): ERROR: Queue '/var/ossec/queue/ossec/queue' not accessible: 'Connection refused'.
> > 2011/10/03 09:16:48 ossec-syscheckd(1210): ERROR: Queue '/var/ossec/queue/ossec/queue' not accessible: 'Connection refused'.
> > 2011/10/03 09:16:48 ossec-rootcheck(1211): ERROR: Unable to access queue: '/var/ossec/queue/ossec/queue'. Giving up..
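
The check described in the reply at the top of this thread (read ossec.log, then look at who owns the queue files), as an added example that is not part of the original thread. It assumes the `/var/ossec` prefix and the `ossec` service user named in the thread; the function names are hypothetical and the sample log lines are constructed from the quoted output.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes install prefix /var/ossec and
# service user "ossec" (both as they appear in the thread).

# Constructed sample in the format of the errors quoted in the thread.
sample_log() {
cat <<'EOF'
2011/10/03 09:16:23 ossec-testrule: INFO: Reading local decoder file.
2011/10/03 09:16:27 ossec-syscheckd(1210): ERROR: Queue '/var/ossec/queue/ossec/queue' not accessible: 'Connection refused'.
2011/10/03 09:16:27 ossec-rootcheck(1210): ERROR: Queue '/var/ossec/queue/ossec/queue' not accessible: 'Connection refused'.
EOF
}

# Read log text on stdin; print each distinct queue path reported as
# "not accessible".
queue_errors() {
    sed -n "s/.*ERROR: Queue '\([^']*\)' not accessible.*/\1/p" | sort -u
}

# Print "owner<TAB>path" for every entry under DIR ($1) not owned by WANT ($2).
# The owner name is taken from the third field of `ls -ld` output.
owner_mismatches() {
    find "$1" | while IFS= read -r path; do
        owner=$(ls -ld "$path" | awk '{ print $3 }')
        [ "$owner" = "$2" ] || printf '%s\t%s\n' "$owner" "$path"
    done
}

# On a host with OSSEC installed, report which queues the log complains about
# and which queue entries are not owned by the service user.
if [ -d /var/ossec/queue ]; then
    queue_errors < /var/ossec/logs/ossec.log
    owner_mismatches /var/ossec/queue ossec
fi
```

Any path listed by `owner_mismatches` is a candidate for the `chown` fix described in the reply above.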
