It is usually due to a permission issue on /var/ossec/queue/ossec directory. The ossec daemon can not create the socket file. I got the problem in the past... In my setup: /var/ossec/queue has dr-xr-x--- /var/ossec/queue/ossec has drwxrwx---
On 11/28/11 7:50 AM, "Toby" <[email protected]> wrote: >Hi, > >Have just done a fresh install of Ossec on Ubuntu 10.4 but when ever >the service is started I get the following errors: > > >Starting OSSEC HIDS v2.6 (by Trend Micro Inc.)... >Started ossec-maild... >Started ossec-execd... >Started ossec-analysisd... >Started ossec-logcollector... >Started ossec-remoted... >2011/11/28 18:40:54 ossec-syscheckd(1210): ERROR: Queue '/var/ossec/ >queue/ossec/queue' not accessible: 'Connection refused'. >2011/11/28 18:40:54 ossec-rootcheck(1210): ERROR: Queue '/var/ossec/ >queue/ossec/queue' not accessible: 'Connection refused'. >2011/11/28 18:41:02 ossec-syscheckd(1210): ERROR: Queue '/var/ossec/ >queue/ossec/queue' not accessible: 'Connection refused'. >2011/11/28 18:41:02 ossec-rootcheck(1210): ERROR: Queue '/var/ossec/ >queue/ossec/queue' not accessible: 'Connection refused'. >2011/11/28 18:41:15 ossec-syscheckd(1210): ERROR: Queue '/var/ossec/ >queue/ossec/queue' not accessible: 'Connection refused'. >2011/11/28 18:41:15 ossec-rootcheck(1211): ERROR: Unable to access >queue: '/var/ossec/queue/ossec/queue'. Giving up.. > >Only the first two processes are showing in the process list. >I have checked the permissions on the file and its owner is ossec. > >It doesn't appear the agent (windows) is connecting either, which i'm >guessing is because of the issue above. There are no other clues in >the log file other then the errors above. > >No firewall setup to block anything on this server. > >Had a good look around and cannot find a resolution for this, but if >i'm being totally blind feel free to point it out. > >Any help would be appreciated. > >Thanks in advance >
