I appreciate the quick response. Well I guess I can ask about the real problem, which is with prelude support:
When starting ossec, the analysisd daemon is started and it is supposed to create the queue/ossec/queue which is where the other daemons (log-collector, syscheck) send their events. However, before creating that queue, it tries to initialize prelude and this can cause problems. Networking problems can cause prelude_start() to take over a minute to return, so meanwhile the other daemons have been started and are trying to connect to the queue (queue/ossec/queue) which doesn't exist because the analysisd daemon hasn't created it yet because the prelude_start() function hasn't returned yet. Has anybody else run into this? Is this a way around this? I have a very kludgy solution and I want to know if there are any better ways to start ossec successfully even if prelude takes a while to timeout. Thanks, Kevin On Mon, Nov 28, 2011 at 8:22 PM, dan (ddp) <[email protected]> wrote: > You'll have to do some surgery on the code, possibly a lot. It'd > probably be easier to solve the problems you have than adding more. > > On Mon, Nov 28, 2011 at 8:04 PM, kevin sullivan > <[email protected]> wrote: > > I have been having a couple issues with running ossec locally with > prelude > > support enabled and one of the solutions I think would work is if I could > > run ossec in a non-chrooted environment. Is there information on how to > run > > ossec without chroot-ing, or does ossec need to be run in a chrooted > > environment for reasons I don't know about? > > > > Thank you, > > > > Kevin > > >
