[ossec-list] ossec-syscheckd and ossec-rootcheck (1210): ERROR: Queue

Sat, 28 Apr 2012 16:58:07 -0700 

hi,

I have installed ossec 2.6 server on a Mac 10.7.3.

i tried to run ossec with ossec-control start but it gave me some
errors that i fixed adding the 3 ossec users:
ossec, ossecr, ossecm and the group ossec.
This time the error i got is :

Starting OSSEC HIDS v2.6 (by Trend Micro Inc.)...
Started ossec-maild...
Started ossec-execd...
Started ossec-analysisd...
Started ossec-logcollector...
Started ossec-remoted...
2012/04/29 01:40:49 ossec-syscheckd(1210): ERROR: Queue '/var/ossec/
queue/ossec/queue' not accessible: 'Queue not found'.
2012/04/29 01:41:04 ossec-rootcheck(1210): ERROR: Queue '/var/ossec/
queue/ossec/queue' not accessible: 'No such file or directory'.
2012/04/29 01:41:15 ossec-syscheckd(1210): ERROR: Queue '/var/ossec/
queue/ossec/queue' not accessible: 'Queue not found'.
2012/04/29 01:41:30 ossec-rootcheck(1210): ERROR: Queue '/var/ossec/
queue/ossec/queue' not accessible: 'No such file or directory'.
2012/04/29 01:41:46 ossec-syscheckd(1210): ERROR: Queue '/var/ossec/
queue/ossec/queue' not accessible: 'Queue not found'.
2012/04/29 01:42:01 ossec-rootcheck(1211): ERROR: Unable to access
queue: '/var/ossec/queue/ossec/queue'. Giving up..

surfing on the various answers on internet i think that the problems
are the permission and the files owners/group. I have all the
utilities and files, within /var/ossec, with root owner:

dr-xr-x---   3 root  wheel   102 28 Apr 10:27 active-response
dr-xr-x---  14 root  wheel   476 28 Apr 10:27 agentless
dr-xr-x---  27 root  wheel   918 28 Apr 10:27 bin
dr-xr-x---   8 root  wheel   272 28 Apr 10:27 etc
drwxr-x---   6 root  wheel   204 28 Apr 10:27 logs
dr-xr-x---  11 root  wheel   374 28 Apr 10:27 queue
dr-xr-x---  64 root  wheel  2176 28 Apr 10:27 rules
drwxr-x---   2 root  wheel    68 28 Apr 10:27 stats
dr-xr-x---   2 root  wheel    68 28 Apr 10:27 tmp
dr-xr-x---   3 root  wheel   102 29 Apr 01:42 var

Now, I don't know if the problem is really caused by permissions error
or something else, furthermore i don't know what owner and group each
single file need to, so I can't fix it manually.
If the problems are the files permission so can anyone tell me every
sigle file what owner and permissions i have to assign to it?

thank you!!!
Gappa

Reply via email to