On Feb 10, 2016 7:51 AM, "Maxim Surdu" <[email protected]> wrote: > > [root@mx2 ossec]# ll > total 16K > 4.0K drwxrwxrwx 2 ossec ossec 4.0K Feb 10 14:27 ./ > 4.0K dr-xr-x--- 7 root ossec 4.0K Dec 30 09:32 ../ > 4.0K -rwxrwxrwx 1 ossec ossec 23 Feb 10 12:50 .agent_info* > 0 srw-rw---- 1 ossec ossec 0 Feb 10 14:27 queue= > 0 srwxrwxrwx 1 ossec ossec 0 Feb 10 12:18 queue_= > 4.0K -rwxrwxrwx 1 ossec ossec 1 Feb 10 12:03 .wait* > >
You have working agents, I'm on a train. Compare those perms to a working agent. Also Try reimporting the key again. > miercuri, 10 februarie 2016, 14:49:58 UTC+2, Maxim Surdu a scris: >> >> [root@mx2 bin]# ll >> total 2.4M >> 4.0K dr-xr-x--- 2 root ossec 4.0K Dec 30 09:32 ./ >> 4.0K dr-xr-x--- 11 root ossec 4.0K Dec 30 09:32 ../ >> 192K -r-xr-x--- 1 root ossec 189K Dec 30 09:32 agent-auth* >> 268K -r-xr-x--- 1 root ossec 267K Dec 30 09:32 manage_agents* >> 540K -r-xr-x--- 1 root ossec 540K Dec 30 09:32 ossec-agentd* >> 8.0K -r-xr-x--- 1 root ossec 4.8K Oct 13 00:21 ossec-control* >> 116K -r-xr-x--- 1 root ossec 115K Dec 30 09:31 ossec-execd* >> 412K -r-xr-x--- 1 root ossec 411K Dec 30 09:32 ossec-logcollector* >> 216K -r-xr-x--- 1 root ossec 213K Dec 30 09:31 ossec-lua* >> 148K -r-xr-x--- 1 root ossec 145K Dec 30 09:31 ossec-luac* >> 536K -r-xr-x--- 1 root ossec 535K Dec 30 09:32 ossec-syscheckd* >> 8.0K -r-xr-x--- 1 root ossec 4.3K Oct 13 00:21 util.sh* >> >> >> miercuri, 10 februarie 2016, 14:48:06 UTC+2, dan (ddpbsd) a scris: >>> >>> >>> On Feb 10, 2016 7:38 AM, "Maxim Surdu" <[email protected]> wrote: >>> > >>> > [root@mx2 bin]# tail -f /var/ossec/logs/ossec.log >>> > 2016/02/10 14:27:25 ossec-rootcheck: DEBUG: Starting ... >>> > 2016/02/10 14:27:25 ossec-rootcheck: Starting queue ... >>> > 2016/02/10 14:27:28 ossec-syscheckd(1210): ERROR: Queue '/var/ossec/queue/ossec/queue' not accessible: 'Connection refused'. >>> > 2016/02/10 14:27:28 ossec-rootcheck(1210): ERROR: Queue '/var/ossec/queue/ossec/queue' not accessible: 'Connection refused'. >>> > 2016/02/10 14:27:34 ossec-logcollector(1210): ERROR: Queue '/var/ossec/queue/ossec/queue' not accessible: 'Connection refused'. >>> > 2016/02/10 14:27:34 ossec-logcollector(1211): ERROR: Unable to access queue: '/var/ossec/queue/ossec/queue'. Giving up.. >>> > 2016/02/10 14:27:36 ossec-syscheckd(1210): ERROR: Queue '/var/ossec/queue/ossec/queue' not accessible: 'Connection refused'. >>> > 2016/02/10 14:27:36 ossec-rootcheck(1210): ERROR: Queue '/var/ossec/queue/ossec/queue' not accessible: 'Connection refused'. >>> > 2016/02/10 14:27:49 ossec-syscheckd(1210): ERROR: Queue '/var/ossec/queue/ossec/queue' not accessible: 'Connection refused'. >>> > 2016/02/10 14:27:49 ossec-rootcheck(1211): ERROR: Unable to access queue: '/var/ossec/queue/ossec/queue'. Giving up.. >>> > >>> > >>> >>> Check the permissions of the queue directory and files. >>> Check any selinux or similar logs. >>> Reinstall? >>> >>> > >>> > the same >>> > >>> > >>> > miercuri, 10 februarie 2016, 14:36:42 UTC+2, dan (ddpbsd) a scris: >>> >> >>> >> >>> >> On Feb 10, 2016 7:32 AM, "Maxim Surdu" <[email protected]> wrote: >>> >> > >>> >> > Hi dear community, >>> >> > >>> >> > i install and configure about 10 agents >>> >> > >>> >> > but one of then after install client key did not start >>> >> > >>> >> > >>> >> > [root@mx2 bin]# ./ossec-control start >>> >> > Starting OSSEC HIDS v2.8.3 (by Trend Micro Inc.)... >>> >> > Started ossec-execd... >>> >> > 2016/02/10 14:27:25 ossec-agentd: INFO: Using notify time: 600 and max time to reconnect: 1800 >>> >> > Started ossec-agentd... >>> >> > 2016/02/10 14:27:25 ossec-logcollector: DEBUG: Starting ... >>> >> > Started ossec-logcollector... >>> >> > 2016/02/10 14:27:25 ossec-syscheckd: DEBUG: Starting ... >>> >> > 2016/02/10 14:27:25 syscheckd: Reading Configuration [/var/ossec/etc/ossec.conf] >>> >> > 2016/02/10 14:27:25 syscheckd: Reading Client Configuration [/var/ossec/etc/ossec.conf] >>> >> > 2016/02/10 14:27:25 ossec-rootcheck: DEBUG: Starting ... >>> >> > 2016/02/10 14:27:25 ossec-rootcheck: Starting queue ... >>> >> > 2016/02/10 14:27:28 ossec-syscheckd(1210): ERROR: Queue '/var/ossec/queue/ossec/queue' not accessible: 'Connection refused'. >>> >> > 2016/02/10 14:27:28 ossec-rootcheck(1210): ERROR: Queue '/var/ossec/queue/ossec/queue' not accessible: 'Connection refused'. >>> >> > 2016/02/10 14:27:36 ossec-syscheckd(1210): ERROR: Queue '/var/ossec/queue/ossec/queue' not accessible: 'Connection refused'. >>> >> > 2016/02/10 14:27:36 ossec-rootcheck(1210): ERROR: Queue '/var/ossec/queue/ossec/queue' not accessible: 'Connection refused'. >>> >> > 2016/02/10 14:27:49 ossec-syscheckd(1210): ERROR: Queue '/var/ossec/queue/ossec/queue' not accessible: 'Connection refused'. >>> >> > 2016/02/10 14:27:49 ossec-rootcheck(1211): ERROR: Unable to access queue: '/var/ossec/queue/ossec/queue'. Giving up.. >>> >> > ossec-syscheckd did not start >>> >> > >>> >> > >>> >> > please any suggestions because this servers are very important for monitoring logs. >>> >> > >>> >> >>> >> Check the ossec.log for more detailed log messages. >>> >> >>> >> > Many thanks, >>> >> > Maxim Surdu >>> >> > >>> >> > -- >>> >> > >>> >> > --- >>> >> > You received this message because you are subscribed to the Google Groups "ossec-list" group. >>> >> > To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. >>> >> >>> >> > For more options, visit https://groups.google.com/d/optout. >>> > >>> > -- >>> > >>> > --- >>> > You received this message because you are subscribed to the Google Groups "ossec-list" group. >>> > To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. >>> > For more options, visit https://groups.google.com/d/optout. > > -- > > --- > You received this message because you are subscribed to the Google Groups "ossec-list" group. > To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. > For more options, visit https://groups.google.com/d/optout. -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
