On Thu, Aug 23, 2012 at 12:26 PM, dkoleary <[email protected]> wrote: > Hi; > > My ossec environment, currently, consists of only one ossec server. That'll > expand reasonably soon; however, at the moment, just got the one server. > Since I only had the one server, when I started, I did not run the > manage_agents command. After some changes to the ossec config file, I ran > the "agent_control -r -a" to run an immediate syscheck and got the error: > > 2012/08/23 11:01:00 agent_control(1210): ERROR: Queue '/queue/alerts/ar' not > accessible: 'Connection refused'. > 2012/08/23 11:01:00 agent_control(1301): ERROR: Unable to connect to active > response qu > > Do I have to add an agent for the server? I tried that; however, when I run > the agent_control command above, while I'm not getting the error, I'm not > getting the alerts that I should be after running an immediate syscheck. > > Thanks for any hints/tips/suggestions. > > Doug O'Leary
Is active response enabled? If not, enable it and try again.
