/var/ossec/bin/ossec-logtest -t /var/ossec/bin/ossec-analysisd -d
On Wed, Jun 13, 2012 at 4:31 PM, hongbin <[email protected]> wrote: > Hi. > I checked the log after installing ossec server. It showed the following > error and the altering. It seems that the agentless monitoring service > didn't work because of that. Does anyone have any idea? Thanks. > > 2012/06/13 20:09:11 ossec-analysisd: INFO: Started (pid: 9034). > 2012/06/13 20:09:11 ossec-remoted: INFO: Started (pid: 9042). > 2012/06/13 20:09:11 ossec-monitord: INFO: Started (pid: 9049). > 2012/06/13 20:09:15 ossec-syscheckd: INFO: Started (pid: 9046). > 2012/06/13 20:09:15 ossec-rootcheck: INFO: Started (pid: 9046). > 2012/06/13 20:09:15 ossec-syscheckd: INFO: Monitoring directory: '/etc'. > 2012/06/13 20:09:15 ossec-syscheckd: INFO: Monitoring directory: '/usr/bin'. > 2012/06/13 20:09:15 ossec-syscheckd: INFO: Monitoring directory: > '/usr/sbin'. > 2012/06/13 20:09:15 ossec-syscheckd: INFO: Monitoring directory: '/bin'. > 2012/06/13 20:09:15 ossec-syscheckd: INFO: Monitoring directory: '/sbin'. > 2012/06/13 20:09:17 ossec-logcollector(1950): INFO: Analyzing file: > '/var/log/au > th.log'. > 2012/06/13 20:09:17 ossec-logcollector(1950): INFO: Analyzing file: > '/var/log/sy > slog'. > 2012/06/13 20:09:17 ossec-logcollector(1950): INFO: Analyzing file: > '/var/log/dp > kg.log'. > 2012/06/13 20:09:17 ossec-logcollector: INFO: Started (pid: 9038). > 2012/06/13 20:09:21 ossec-analysisd: Rules in an inconsistent state. > Exiting. > 2012/06/13 20:10:17 ossec-syscheckd: INFO: Starting syscheck scan > (forwarding da > tabase). > 2012/06/13 20:10:17 ossec-syscheckd: socketerr (not available). > 2012/06/13 20:10:17 ossec-syscheckd(1224): ERROR: Error sending message to > queue > . > 2012/06/13 20:10:20 ossec-syscheckd(1210): ERROR: Queue > '/var/ossec/queue/ossec/ > queue' not accessible: 'Connection refused'. > 2012/06/13 20:10:20 ossec-syscheckd(1211): ERROR: Unable to access queue: > '/var/ > ossec/queue/ossec/queue'. Giving up.. >
