Any output when running "agent_control -r -a" Could you share your syscheck config?
Best On Tue, Mar 10, 2015 at 6:48 PM, Cagri Ersen <[email protected]> wrote: > No it's not related inodes. There is tone of free inodes on the system. > > > On Tuesday, March 10, 2015 at 3:36:59 PM UTC+2, Santiago Bassett wrote: >> >> Check if you have any available Inode. You can do that with "df -i" >> >> >> >> On Tue, Mar 10, 2015 at 1:14 AM, Cagri Ersen <[email protected]> wrote: >> >>> Hi all, >>> >>> I have a weird problem with ossec-remoted and logcollector daemons. When >>> I start the ossec services as normaly, everyting seems to OK, all services >>> run properly like below and nothing wrong in the logs. >>> >>> ossec-monitord is running... >>> ossec-logcollector is running... >>> ossec-remoted is running... >>> ossec-syscheckd is running... >>> ossec-analysisd is running... >>> ossec-maild is running... >>> ossec-execd not running... >>> >>> Although all agents seem to connected to server, ossec doesn't work >>> properly, it sometimes generate alerts sometimes doesn't. I tried to test >>> it many times by creating an user or generate a syslog messages with a >>> $badwords (core_dumped etc.) from the agent which should be fire an alert >>> on ossec server. >>> >>> When I enable debug mode to inspect the problem, then remoted and >>> logcollector services don't start properly and I get following error >>> messages: >>> >>> # /var/ossec/bin/ossec-control enable debug >>> # /var/ossec/bin/ossec-control restart >>> ... >>> 2015/03/10 01:53:32 ossec-rootcheck: Starting queue ... >>> 2015/03/10 01:53:35 ossec-syscheckd(1210): ERROR: Queue >>> '/var/ossec/queue/ossec/queue' not accessible: 'Connection refused'. >>> 2015/03/10 01:53:35 ossec-rootcheck(1210): ERROR: Queue >>> '/var/ossec/queue/ossec/queue' not accessible: 'Connection refused'. >>> 2015/03/10 01:53:43 ossec-syscheckd: INFO: (unix_domain) Maximum send >>> buffer set to: '65536'. >>> Started ossec-syscheckd... >>> 2015/03/10 01:53:43 ossec-monitord: DEBUG: Starting ... >>> Started ossec-monitord... >>> Completed. >>> >>> ----- >>> >>> ossec-monitord is running... >>> ossec-logcollector not running... >>> ossec-remoted not running... >>> ossec-syscheckd is running... >>> ossec-analysisd is running... >>> ossec-maild is running... >>> >>> But this happens only if debug mode is enabled. When I disable it, all >>> services run aganin normally (at least it seems) and ossec-remoted starts >>> to listen 1514. >>> >>> I've read the throubleshooting section of the document and checked >>> server but I couldn't find any misconfiguration or wrong permissions, so I >>> don't have any idea what's wrong with it... >>> >>> Can you guys please help me ? >>> >>> Thanks. >>> >>> -- >>> >>> --- >>> You received this message because you are subscribed to the Google >>> Groups "ossec-list" group. >>> To unsubscribe from this group and stop receiving emails from it, send >>> an email to [email protected]. >>> For more options, visit https://groups.google.com/d/optout. >>> >> >> -- > > --- > You received this message because you are subscribed to the Google Groups > "ossec-list" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > For more options, visit https://groups.google.com/d/optout. > -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
