On Feb 10, 2016 8:12 AM, "dan (ddp)" <[email protected]> wrote: > > > On Feb 10, 2016 7:51 AM, "Maxim Surdu" <[email protected]> wrote: > > > > [root@mx2 ossec]# ll > > total 16K > > 4.0K drwxrwxrwx 2 ossec ossec 4.0K Feb 10 14:27 ./ > > 4.0K dr-xr-x--- 7 root ossec 4.0K Dec 30 09:32 ../ > > 4.0K -rwxrwxrwx 1 ossec ossec 23 Feb 10 12:50 .agent_info* > > 0 srw-rw---- 1 ossec ossec 0 Feb 10 14:27 queue= > > 0 srwxrwxrwx 1 ossec ossec 0 Feb 10 12:18 queue_= > > 4.0K -rwxrwxrwx 1 ossec ossec 1 Feb 10 12:03 .wait* > > > > > > You have working agents, I'm on a train. Compare those perms to a working agent. > Also Try reimporting the key again. >
And maybe try starting agentd with "-df" > > miercuri, 10 februarie 2016, 14:49:58 UTC+2, Maxim Surdu a scris: > >> > >> [root@mx2 bin]# ll > >> total 2.4M > >> 4.0K dr-xr-x--- 2 root ossec 4.0K Dec 30 09:32 ./ > >> 4.0K dr-xr-x--- 11 root ossec 4.0K Dec 30 09:32 ../ > >> 192K -r-xr-x--- 1 root ossec 189K Dec 30 09:32 agent-auth* > >> 268K -r-xr-x--- 1 root ossec 267K Dec 30 09:32 manage_agents* > >> 540K -r-xr-x--- 1 root ossec 540K Dec 30 09:32 ossec-agentd* > >> 8.0K -r-xr-x--- 1 root ossec 4.8K Oct 13 00:21 ossec-control* > >> 116K -r-xr-x--- 1 root ossec 115K Dec 30 09:31 ossec-execd* > >> 412K -r-xr-x--- 1 root ossec 411K Dec 30 09:32 ossec-logcollector* > >> 216K -r-xr-x--- 1 root ossec 213K Dec 30 09:31 ossec-lua* > >> 148K -r-xr-x--- 1 root ossec 145K Dec 30 09:31 ossec-luac* > >> 536K -r-xr-x--- 1 root ossec 535K Dec 30 09:32 ossec-syscheckd* > >> 8.0K -r-xr-x--- 1 root ossec 4.3K Oct 13 00:21 util.sh* > >> > >> > >> miercuri, 10 februarie 2016, 14:48:06 UTC+2, dan (ddpbsd) a scris: > >>> > >>> > >>> On Feb 10, 2016 7:38 AM, "Maxim Surdu" <[email protected]> wrote: > >>> > > >>> > [root@mx2 bin]# tail -f /var/ossec/logs/ossec.log > >>> > 2016/02/10 14:27:25 ossec-rootcheck: DEBUG: Starting ... > >>> > 2016/02/10 14:27:25 ossec-rootcheck: Starting queue ... > >>> > 2016/02/10 14:27:28 ossec-syscheckd(1210): ERROR: Queue '/var/ossec/queue/ossec/queue' not accessible: 'Connection refused'. > >>> > 2016/02/10 14:27:28 ossec-rootcheck(1210): ERROR: Queue '/var/ossec/queue/ossec/queue' not accessible: 'Connection refused'. > >>> > 2016/02/10 14:27:34 ossec-logcollector(1210): ERROR: Queue '/var/ossec/queue/ossec/queue' not accessible: 'Connection refused'. > >>> > 2016/02/10 14:27:34 ossec-logcollector(1211): ERROR: Unable to access queue: '/var/ossec/queue/ossec/queue'. Giving up.. > >>> > 2016/02/10 14:27:36 ossec-syscheckd(1210): ERROR: Queue '/var/ossec/queue/ossec/queue' not accessible: 'Connection refused'. > >>> > 2016/02/10 14:27:36 ossec-rootcheck(1210): ERROR: Queue '/var/ossec/queue/ossec/queue' not accessible: 'Connection refused'. > >>> > 2016/02/10 14:27:49 ossec-syscheckd(1210): ERROR: Queue '/var/ossec/queue/ossec/queue' not accessible: 'Connection refused'. > >>> > 2016/02/10 14:27:49 ossec-rootcheck(1211): ERROR: Unable to access queue: '/var/ossec/queue/ossec/queue'. Giving up.. > >>> > > >>> > > >>> > >>> Check the permissions of the queue directory and files. > >>> Check any selinux or similar logs. > >>> Reinstall? > >>> > >>> > > >>> > the same > >>> > > >>> > > >>> > miercuri, 10 februarie 2016, 14:36:42 UTC+2, dan (ddpbsd) a scris: > >>> >> > >>> >> > >>> >> On Feb 10, 2016 7:32 AM, "Maxim Surdu" <[email protected]> wrote: > >>> >> > > >>> >> > Hi dear community, > >>> >> > > >>> >> > i install and configure about 10 agents > >>> >> > > >>> >> > but one of then after install client key did not start > >>> >> > > >>> >> > > >>> >> > [root@mx2 bin]# ./ossec-control start > >>> >> > Starting OSSEC HIDS v2.8.3 (by Trend Micro Inc.)... > >>> >> > Started ossec-execd... > >>> >> > 2016/02/10 14:27:25 ossec-agentd: INFO: Using notify time: 600 and max time to reconnect: 1800 > >>> >> > Started ossec-agentd... > >>> >> > 2016/02/10 14:27:25 ossec-logcollector: DEBUG: Starting ... > >>> >> > Started ossec-logcollector... > >>> >> > 2016/02/10 14:27:25 ossec-syscheckd: DEBUG: Starting ... > >>> >> > 2016/02/10 14:27:25 syscheckd: Reading Configuration [/var/ossec/etc/ossec.conf] > >>> >> > 2016/02/10 14:27:25 syscheckd: Reading Client Configuration [/var/ossec/etc/ossec.conf] > >>> >> > 2016/02/10 14:27:25 ossec-rootcheck: DEBUG: Starting ... > >>> >> > 2016/02/10 14:27:25 ossec-rootcheck: Starting queue ... > >>> >> > 2016/02/10 14:27:28 ossec-syscheckd(1210): ERROR: Queue '/var/ossec/queue/ossec/queue' not accessible: 'Connection refused'. > >>> >> > 2016/02/10 14:27:28 ossec-rootcheck(1210): ERROR: Queue '/var/ossec/queue/ossec/queue' not accessible: 'Connection refused'. > >>> >> > 2016/02/10 14:27:36 ossec-syscheckd(1210): ERROR: Queue '/var/ossec/queue/ossec/queue' not accessible: 'Connection refused'. > >>> >> > 2016/02/10 14:27:36 ossec-rootcheck(1210): ERROR: Queue '/var/ossec/queue/ossec/queue' not accessible: 'Connection refused'. > >>> >> > 2016/02/10 14:27:49 ossec-syscheckd(1210): ERROR: Queue '/var/ossec/queue/ossec/queue' not accessible: 'Connection refused'. > >>> >> > 2016/02/10 14:27:49 ossec-rootcheck(1211): ERROR: Unable to access queue: '/var/ossec/queue/ossec/queue'. Giving up.. > >>> >> > ossec-syscheckd did not start > >>> >> > > >>> >> > > >>> >> > please any suggestions because this servers are very important for monitoring logs. > >>> >> > > >>> >> > >>> >> Check the ossec.log for more detailed log messages. > >>> >> > >>> >> > Many thanks, > >>> >> > Maxim Surdu > >>> >> > > >>> >> > -- > >>> >> > > >>> >> > --- > >>> >> > You received this message because you are subscribed to the Google Groups "ossec-list" group. > >>> >> > To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. > >>> >> > >>> >> > For more options, visit https://groups.google.com/d/optout. > >>> > > >>> > -- > >>> > > >>> > --- > >>> > You received this message because you are subscribed to the Google Groups "ossec-list" group. > >>> > To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. > >>> > For more options, visit https://groups.google.com/d/optout. > > > > -- > > > > --- > > You received this message because you are subscribed to the Google Groups "ossec-list" group. > > To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. > > For more options, visit https://groups.google.com/d/optout. -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
