Greetings friends!

I use ossec version 0.8-beta. In the log /var/ossec/logs/ossec.log I see 
strange things... timestamps:

2015/09/24 05:25:55 ossec-analysisd: INFO: 3 IPs in the white list for active response.
2015/09/24 05:25:55 ossec-analysisd: INFO: White listing Hostname: 'localhost.localdomain'
2015/09/24 05:25:55 ossec-analysisd: INFO: 1 Hostname(s) in the white list for active response.
2015/09/24 05:25:55 ossec-analysisd: INFO: Started (pid: 30568).
2015/09/24 05:25:56 ossec-monitord: INFO: Started (pid: 30587).
2015/09/24 05:25:58 ossec-analysisd: INFO: Connected to '/queue/alerts/ar' (active-response queue)
2015/09/24 05:25:58 ossec-analysisd: INFO: Connected to '/queue/alerts/execq' (exec queue)
2015/09/24 05:25:58 ossec-analysisd: No sid search!! XXX
2015/09/24 15:26:03 ossec-syscheckd(1210): ERROR: Queue '/var/ossec/queue/ossec/queue' not accessible: 'Connection refused'.
2015/09/24 15:26:03 ossec-syscheckd(1210): ERROR: Queue '/var/ossec/queue/ossec/queue' not accessible: 'Connection refused'.
2015/09/24 15:26:04 ossec-logcollector(1210): ERROR: Queue '/var/ossec/queue/ossec/queue' not accessible: 'Connection refused'.
2015/09/24 15:26:04 ossec-logcollector(1211): ERROR: Unable to access queue: '/var/ossec/queue/ossec/queue'. Giving up..
2015/09/24 05:26:09 ossec-monitord(1210): ERROR: Queue '/queue/ossec/queue' not accessible: 'Connection refused'.
2015/09/24 05:26:09 ossec-monitord(1211): ERROR: Unable to access queue: '/queue/ossec/queue'. Giving up..
2015/09/24 15:26:11 ossec-syscheckd(1210): ERROR: Queue '/var/ossec/queue/ossec/queue' not accessible: 'Connection refused'.
2015/09/24 15:26:11 ossec-syscheckd(1210): ERROR: Queue '/var/ossec/queue/ossec/queue' not accessible: 'Connection refused'.
2015/09/24 15:26:20 ossec-execd(1314): INFO: Shutdown received. Deleting responses.
2015/09/24 15:26:20 ossec-execd(1225): INFO: SIGNAL Received. Exit Cleaning...
2015/09/24 15:26:24 ossec-syscheckd(1210): ERROR: Queue '/var/ossec/queue/ossec/queue' not accessible: 'Connection refused'.
2015/09/24 15:26:24 ossec-syscheckd(1211): ERROR: Unable to access queue: '/var/ossec/queue/ossec/queue'. Giving up..
2015/09/24 15:27:09 ossec-testrule: INFO: Reading local decoder file.
2015/09/24 15:27:10 ossec-testrule: INFO: Started (pid: 2584).
2015/09/24 15:27:11 ossec-maild: INFO: E-Mail notification disabled. Clean Exit.
2015/09/24 15:27:11 ossec-execd: INFO: Started (pid: 2627).
2015/09/24 05:27:11 ossec-analysisd: INFO: Reading local decoder file.
2015/09/24 05:27:11 ossec-analysisd: INFO: Reading rules file: 'rules_config.xml'
2015/09/24 05:27:11 ossec-analysisd: INFO: Reading rules file: 'pam_rules.xml'

Service ossec-analysisd lives in the past tense! ;) And agents are not 
active...
The right time on the server: 2015/09/24 15:27 and not 05:25! I set up the 
NTP client to synchronize time... long before that.
Who can tell me what's wrong?

