On Tue, Nov 29, 2011 at 10:20 AM, kevin sullivan <[email protected]> wrote:
> I appreciate the quick response. Well I guess I can ask about the real
> problem, which is with prelude support:
>
> When starting ossec, the analysisd daemon is started and it is supposed to
> create the queue/ossec/queue which is where the other daemons
> (log-collector, syscheck) send their events. However, before creating that
> queue, it tries to initialize prelude and this can cause problems.
> Networking problems can cause prelude_start() to take over a minute to
> return, so meanwhile the other daemons have been started and are trying to
> connect to the queue (queue/ossec/queue) which doesn't exist because the
> analysisd daemon hasn't created it yet because the prelude_start() function
> hasn't returned yet.
>
> Has anybody else run into this? Is there a way around this? I have a very
> kludgy solution and I want to know if there are any better ways to start
> ossec successfully even if prelude takes a while to timeout.
>
> Thanks,
>
> Kevin
>

It seems like if you're having network issues that you should work on those.
You could file a bug though (https://bitbucket.org/dcid/ossec-hids), and
maybe the order of these things can be changed.

> On Mon, Nov 28, 2011 at 8:22 PM, dan (ddp) <[email protected]> wrote:
>>
>> You'll have to do some surgery on the code, possibly a lot. It'd
>> probably be easier to solve the problems you have than adding more.
>>
>> On Mon, Nov 28, 2011 at 8:04 PM, kevin sullivan
>> <[email protected]> wrote:
>> > I have been having a couple issues with running ossec locally with
>> > prelude support enabled and one of the solutions I think would work
>> > is if I could run ossec in a non-chrooted environment. Is there
>> > information on how to run ossec without chroot-ing, or does ossec
>> > need to be run in a chrooted environment for reasons I don't know
>> > about?
>> >
>> > Thank you,
>> >
>> > Kevin
>> >
>
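
The startup race described in this thread (senders connecting to a queue socket that the analysis daemon has not created yet), shown from the sender's side as an added example that is not part of the original messages and is not OSSEC source code. The helper name `connect_queue_retry` is hypothetical, and the example assumes the queue is a Unix datagram socket.

```c
/* Added example: client-side retry for a local queue socket that the
 * analysis daemon may not have created yet. Not OSSEC source code. */
#include <errno.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/un.h>
#include <time.h>
#include <unistd.h>

/* Hypothetical helper. Assumes the queue is a Unix datagram socket.
 * Tries connect() up to `attempts` times, sleeping `delay_ms` between
 * tries. Returns a connected fd, or -1 with errno set by the last failure. */
int connect_queue_retry(const char *path, int attempts, long delay_ms)
{
    struct sockaddr_un addr;
    struct timespec pause = { delay_ms / 1000, (delay_ms % 1000) * 1000000L };
    int saved = ENOENT;

    if (strlen(path) >= sizeof(addr.sun_path)) {
        errno = ENAMETOOLONG;
        return -1;
    }
    memset(&addr, 0, sizeof(addr));
    addr.sun_family = AF_UNIX;
    strcpy(addr.sun_path, path);

    for (int i = 0; i < attempts; i++) {
        int fd = socket(AF_UNIX, SOCK_DGRAM, 0);
        if (fd < 0)
            return -1;
        if (connect(fd, (struct sockaddr *)&addr, sizeof(addr)) == 0)
            return fd;               /* queue exists and is bound */
        saved = errno;
        close(fd);
        /* ENOENT: socket file not created yet; ECONNREFUSED: stale file
         * with no receiver. Both mean "daemon not ready", so wait. */
        if (saved != ENOENT && saved != ECONNREFUSED)
            break;
        if (i + 1 < attempts)
            nanosleep(&pause, NULL);
    }
    errno = saved;
    return -1;
}
```

A sender using this pattern has to choose `attempts * delay_ms` to exceed the longest initialization delay it is meant to tolerate, which in the case described above is more than a minute.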
