[root@mx2 ossec]# ll total 16K 4.0K drwxrwxrwx 2 ossec ossec 4.0K Feb 10 14:27 ./ 4.0K dr-xr-x--- 7 root ossec 4.0K Dec 30 09:32 ../ 4.0K -rwxrwxrwx 1 ossec ossec 23 Feb 10 12:50 .agent_info* 0 srw-rw---- 1 ossec ossec 0 Feb 10 14:27 queue= 0 srwxrwxrwx 1 ossec ossec 0 Feb 10 12:18 queue_= 4.0K -rwxrwxrwx 1 ossec ossec 1 Feb 10 12:03 .wait*
miercuri, 10 februarie 2016, 14:49:58 UTC+2, Maxim Surdu a scris: > > [root@mx2 bin]# ll > total 2.4M > 4.0K dr-xr-x--- 2 root ossec 4.0K Dec 30 09:32 ./ > 4.0K dr-xr-x--- 11 root ossec 4.0K Dec 30 09:32 ../ > 192K -r-xr-x--- 1 root ossec 189K Dec 30 09:32 agent-auth* > 268K -r-xr-x--- 1 root ossec 267K Dec 30 09:32 manage_agents* > 540K -r-xr-x--- 1 root ossec 540K Dec 30 09:32 ossec-agentd* > 8.0K -r-xr-x--- 1 root ossec 4.8K Oct 13 00:21 ossec-control* > 116K -r-xr-x--- 1 root ossec 115K Dec 30 09:31 ossec-execd* > 412K -r-xr-x--- 1 root ossec 411K Dec 30 09:32 ossec-logcollector* > 216K -r-xr-x--- 1 root ossec 213K Dec 30 09:31 ossec-lua* > 148K -r-xr-x--- 1 root ossec 145K Dec 30 09:31 ossec-luac* > 536K -r-xr-x--- 1 root ossec 535K Dec 30 09:32 ossec-syscheckd* > 8.0K -r-xr-x--- 1 root ossec 4.3K Oct 13 00:21 util.sh* > > > miercuri, 10 februarie 2016, 14:48:06 UTC+2, dan (ddpbsd) a scris: >> >> >> On Feb 10, 2016 7:38 AM, "Maxim Surdu" <[email protected]> wrote: >> > >> > [root@mx2 bin]# tail -f /var/ossec/logs/ossec.log >> > 2016/02/10 14:27:25 ossec-rootcheck: DEBUG: Starting ... >> > 2016/02/10 14:27:25 ossec-rootcheck: Starting queue ... >> > 2016/02/10 14:27:28 ossec-syscheckd(1210): ERROR: Queue >> '/var/ossec/queue/ossec/queue' not accessible: 'Connection refused'. >> > 2016/02/10 14:27:28 ossec-rootcheck(1210): ERROR: Queue >> '/var/ossec/queue/ossec/queue' not accessible: 'Connection refused'. >> > 2016/02/10 14:27:34 ossec-logcollector(1210): ERROR: Queue >> '/var/ossec/queue/ossec/queue' not accessible: 'Connection refused'. >> > 2016/02/10 14:27:34 ossec-logcollector(1211): ERROR: Unable to access >> queue: '/var/ossec/queue/ossec/queue'. Giving up.. >> > 2016/02/10 14:27:36 ossec-syscheckd(1210): ERROR: Queue >> '/var/ossec/queue/ossec/queue' not accessible: 'Connection refused'. >> > 2016/02/10 14:27:36 ossec-rootcheck(1210): ERROR: Queue >> '/var/ossec/queue/ossec/queue' not accessible: 'Connection refused'. >> > 2016/02/10 14:27:49 ossec-syscheckd(1210): ERROR: Queue >> '/var/ossec/queue/ossec/queue' not accessible: 'Connection refused'. >> > 2016/02/10 14:27:49 ossec-rootcheck(1211): ERROR: Unable to access >> queue: '/var/ossec/queue/ossec/queue'. Giving up.. >> > >> > >> >> Check the permissions of the queue directory and files. >> Check any selinux or similar logs. >> Reinstall? >> >> > >> > the same >> > >> > >> > miercuri, 10 februarie 2016, 14:36:42 UTC+2, dan (ddpbsd) a scris: >> >> >> >> >> >> On Feb 10, 2016 7:32 AM, "Maxim Surdu" <[email protected]> wrote: >> >> > >> >> > Hi dear community, >> >> > >> >> > i install and configure about 10 agents >> >> > >> >> > but one of then after install client key did not start >> >> > >> >> > >> >> > [root@mx2 bin]# ./ossec-control start >> >> > Starting OSSEC HIDS v2.8.3 (by Trend Micro Inc.)... >> >> > Started ossec-execd... >> >> > 2016/02/10 14:27:25 ossec-agentd: INFO: Using notify time: 600 and >> max time to reconnect: 1800 >> >> > Started ossec-agentd... >> >> > 2016/02/10 14:27:25 ossec-logcollector: DEBUG: Starting ... >> >> > Started ossec-logcollector... >> >> > 2016/02/10 14:27:25 ossec-syscheckd: DEBUG: Starting ... >> >> > 2016/02/10 14:27:25 syscheckd: Reading Configuration >> [/var/ossec/etc/ossec.conf] >> >> > 2016/02/10 14:27:25 syscheckd: Reading Client Configuration >> [/var/ossec/etc/ossec.conf] >> >> > 2016/02/10 14:27:25 ossec-rootcheck: DEBUG: Starting ... >> >> > 2016/02/10 14:27:25 ossec-rootcheck: Starting queue ... >> >> > 2016/02/10 14:27:28 ossec-syscheckd(1210): ERROR: Queue >> '/var/ossec/queue/ossec/queue' not accessible: 'Connection refused'. >> >> > 2016/02/10 14:27:28 ossec-rootcheck(1210): ERROR: Queue >> '/var/ossec/queue/ossec/queue' not accessible: 'Connection refused'. >> >> > 2016/02/10 14:27:36 ossec-syscheckd(1210): ERROR: Queue >> '/var/ossec/queue/ossec/queue' not accessible: 'Connection refused'. >> >> > 2016/02/10 14:27:36 ossec-rootcheck(1210): ERROR: Queue >> '/var/ossec/queue/ossec/queue' not accessible: 'Connection refused'. >> >> > 2016/02/10 14:27:49 ossec-syscheckd(1210): ERROR: Queue >> '/var/ossec/queue/ossec/queue' not accessible: 'Connection refused'. >> >> > 2016/02/10 14:27:49 ossec-rootcheck(1211): ERROR: Unable to access >> queue: '/var/ossec/queue/ossec/queue'. Giving up.. >> >> > ossec-syscheckd did not start >> >> > >> >> > >> >> > please any suggestions because this servers are very important for >> monitoring logs. >> >> > >> >> >> >> Check the ossec.log for more detailed log messages. >> >> >> >> > Many thanks, >> >> > Maxim Surdu >> >> > >> >> > -- >> >> > >> >> > --- >> >> > You received this message because you are subscribed to the Google >> Groups "ossec-list" group. >> >> > To unsubscribe from this group and stop receiving emails from it, >> send an email to [email protected]. >> >> >> >> > For more options, visit https://groups.google.com/d/optout. >> > >> > -- >> > >> > --- >> > You received this message because you are subscribed to the Google >> Groups "ossec-list" group. >> > To unsubscribe from this group and stop receiving emails from it, send >> an email to [email protected]. >> > For more options, visit https://groups.google.com/d/optout. >> > -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
