On Feb 10, 2016 8:12 AM, "dan (ddp)" <[email protected]> wrote:
>
>
> On Feb 10, 2016 7:51 AM, "Maxim Surdu" <[email protected]> wrote:
> >
> > [root@mx2 ossec]# ll
> > total 16K
> > 4.0K drwxrwxrwx 2 ossec ossec 4.0K Feb 10 14:27 ./
> > 4.0K dr-xr-x--- 7 root  ossec 4.0K Dec 30 09:32 ../
> > 4.0K -rwxrwxrwx 1 ossec ossec   23 Feb 10 12:50 .agent_info*
> >    0 srw-rw---- 1 ossec ossec    0 Feb 10 14:27 queue=
> >    0 srwxrwxrwx 1 ossec ossec    0 Feb 10 12:18 queue_=
> > 4.0K -rwxrwxrwx 1 ossec ossec    1 Feb 10 12:03 .wait*
> >
> >
>
> You have working agents, I'm on a train. Compare those perms to a working
agent.
> Also Try reimporting the key again.
>

And maybe try starting agentd with "-df"

> > miercuri, 10 februarie 2016, 14:49:58 UTC+2, Maxim Surdu a scris:
> >>
> >> [root@mx2 bin]# ll
> >> total 2.4M
> >> 4.0K dr-xr-x---  2 root ossec 4.0K Dec 30 09:32 ./
> >> 4.0K dr-xr-x--- 11 root ossec 4.0K Dec 30 09:32 ../
> >> 192K -r-xr-x---  1 root ossec 189K Dec 30 09:32 agent-auth*
> >> 268K -r-xr-x---  1 root ossec 267K Dec 30 09:32 manage_agents*
> >> 540K -r-xr-x---  1 root ossec 540K Dec 30 09:32 ossec-agentd*
> >> 8.0K -r-xr-x---  1 root ossec 4.8K Oct 13 00:21 ossec-control*
> >> 116K -r-xr-x---  1 root ossec 115K Dec 30 09:31 ossec-execd*
> >> 412K -r-xr-x---  1 root ossec 411K Dec 30 09:32 ossec-logcollector*
> >> 216K -r-xr-x---  1 root ossec 213K Dec 30 09:31 ossec-lua*
> >> 148K -r-xr-x---  1 root ossec 145K Dec 30 09:31 ossec-luac*
> >> 536K -r-xr-x---  1 root ossec 535K Dec 30 09:32 ossec-syscheckd*
> >> 8.0K -r-xr-x---  1 root ossec 4.3K Oct 13 00:21 util.sh*
> >>
> >>
> >> miercuri, 10 februarie 2016, 14:48:06 UTC+2, dan (ddpbsd) a scris:
> >>>
> >>>
> >>> On Feb 10, 2016 7:38 AM, "Maxim Surdu" <[email protected]> wrote:
> >>> >
> >>> > [root@mx2 bin]# tail -f /var/ossec/logs/ossec.log
> >>> > 2016/02/10 14:27:25 ossec-rootcheck: DEBUG: Starting ...
> >>> > 2016/02/10 14:27:25 ossec-rootcheck: Starting queue ...
> >>> > 2016/02/10 14:27:28 ossec-syscheckd(1210): ERROR: Queue
'/var/ossec/queue/ossec/queue' not accessible: 'Connection refused'.
> >>> > 2016/02/10 14:27:28 ossec-rootcheck(1210): ERROR: Queue
'/var/ossec/queue/ossec/queue' not accessible: 'Connection refused'.
> >>> > 2016/02/10 14:27:34 ossec-logcollector(1210): ERROR: Queue
'/var/ossec/queue/ossec/queue' not accessible: 'Connection refused'.
> >>> > 2016/02/10 14:27:34 ossec-logcollector(1211): ERROR: Unable to
access queue: '/var/ossec/queue/ossec/queue'. Giving up..
> >>> > 2016/02/10 14:27:36 ossec-syscheckd(1210): ERROR: Queue
'/var/ossec/queue/ossec/queue' not accessible: 'Connection refused'.
> >>> > 2016/02/10 14:27:36 ossec-rootcheck(1210): ERROR: Queue
'/var/ossec/queue/ossec/queue' not accessible: 'Connection refused'.
> >>> > 2016/02/10 14:27:49 ossec-syscheckd(1210): ERROR: Queue
'/var/ossec/queue/ossec/queue' not accessible: 'Connection refused'.
> >>> > 2016/02/10 14:27:49 ossec-rootcheck(1211): ERROR: Unable to access
queue: '/var/ossec/queue/ossec/queue'. Giving up..
> >>> >
> >>> >
> >>>
> >>> Check the permissions of the queue directory and files.
> >>> Check any selinux or similar logs.
> >>> Reinstall?
> >>>
> >>> >
> >>> > the same
> >>> >
> >>> >
> >>> > miercuri, 10 februarie 2016, 14:36:42 UTC+2, dan (ddpbsd) a scris:
> >>> >>
> >>> >>
> >>> >> On Feb 10, 2016 7:32 AM, "Maxim Surdu" <[email protected]> wrote:
> >>> >> >
> >>> >> > Hi dear community,
> >>> >> >
> >>> >> > i install and configure about 10 agents
> >>> >> >
> >>> >> > but one of then after install client key did not start
> >>> >> >
> >>> >> >
> >>> >> > [root@mx2 bin]# ./ossec-control start
> >>> >> > Starting OSSEC HIDS v2.8.3 (by Trend Micro Inc.)...
> >>> >> > Started ossec-execd...
> >>> >> > 2016/02/10 14:27:25 ossec-agentd: INFO: Using notify time: 600
and max time to reconnect: 1800
> >>> >> > Started ossec-agentd...
> >>> >> > 2016/02/10 14:27:25 ossec-logcollector: DEBUG: Starting ...
> >>> >> > Started ossec-logcollector...
> >>> >> > 2016/02/10 14:27:25 ossec-syscheckd: DEBUG: Starting ...
> >>> >> > 2016/02/10 14:27:25 syscheckd: Reading Configuration
[/var/ossec/etc/ossec.conf]
> >>> >> > 2016/02/10 14:27:25 syscheckd: Reading Client Configuration
[/var/ossec/etc/ossec.conf]
> >>> >> > 2016/02/10 14:27:25 ossec-rootcheck: DEBUG: Starting ...
> >>> >> > 2016/02/10 14:27:25 ossec-rootcheck: Starting queue ...
> >>> >> > 2016/02/10 14:27:28 ossec-syscheckd(1210): ERROR: Queue
'/var/ossec/queue/ossec/queue' not accessible: 'Connection refused'.
> >>> >> > 2016/02/10 14:27:28 ossec-rootcheck(1210): ERROR: Queue
'/var/ossec/queue/ossec/queue' not accessible: 'Connection refused'.
> >>> >> > 2016/02/10 14:27:36 ossec-syscheckd(1210): ERROR: Queue
'/var/ossec/queue/ossec/queue' not accessible: 'Connection refused'.
> >>> >> > 2016/02/10 14:27:36 ossec-rootcheck(1210): ERROR: Queue
'/var/ossec/queue/ossec/queue' not accessible: 'Connection refused'.
> >>> >> > 2016/02/10 14:27:49 ossec-syscheckd(1210): ERROR: Queue
'/var/ossec/queue/ossec/queue' not accessible: 'Connection refused'.
> >>> >> > 2016/02/10 14:27:49 ossec-rootcheck(1211): ERROR: Unable to
access queue: '/var/ossec/queue/ossec/queue'. Giving up..
> >>> >> > ossec-syscheckd did not start
> >>> >> >
> >>> >> >
> >>> >> > please any suggestions because this servers are very important
for monitoring logs.
> >>> >> >
> >>> >>
> >>> >> Check the ossec.log for more detailed log messages.
> >>> >>
> >>> >> > Many thanks,
> >>> >> > Maxim Surdu
> >>> >> >
> >>> >> > --
> >>> >> >
> >>> >> > ---
> >>> >> > You received this message because you are subscribed to the
Google Groups "ossec-list" group.
> >>> >> > To unsubscribe from this group and stop receiving emails from
it, send an email to [email protected].
> >>> >>
> >>> >> > For more options, visit https://groups.google.com/d/optout.
> >>> >
> >>> > --
> >>> >
> >>> > ---
> >>> > You received this message because you are subscribed to the Google
Groups "ossec-list" group.
> >>> > To unsubscribe from this group and stop receiving emails from it,
send an email to [email protected].
> >>> > For more options, visit https://groups.google.com/d/optout.
> >
> > --
> >
> > ---
> > You received this message because you are subscribed to the Google
Groups "ossec-list" group.
> > To unsubscribe from this group and stop receiving emails from it, send
an email to [email protected].
> > For more options, visit https://groups.google.com/d/optout.

-- 

--- 
You received this message because you are subscribed to the Google Groups 
"ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to [email protected].
For more options, visit https://groups.google.com/d/optout.

Reply via email to