I resolve my problem with reinstall the agent, Dan thank you very much for your trying to help me ;)
miercuri, 10 februarie 2016, 15:19:15 UTC+2, Maxim Surdu a scris: > > # This file controls the state of SELinux on the system. > # SELINUX= can take one of these three values: > # enforcing - SELinux security policy is enforced. > # permissive - SELinux prints warnings instead of enforcing. > # disabled - No SELinux policy is loaded. > SELINUX=disabled > # SELINUXTYPE= can take one of these two values: > # targeted - Targeted processes are protected, > # mls - Multi Level Security protection. > SELINUXTYPE=targeted > > i will Try reimporting the key again And maybe try starting agentd with > "-df" > > and if now will working i will try to reinstall agent > and will come with output :) > > miercuri, 10 februarie 2016, 15:14:04 UTC+2, dan (ddpbsd) a scris: >> >> >> On Feb 10, 2016 8:12 AM, "dan (ddp)" <[email protected]> wrote: >> > >> > >> > On Feb 10, 2016 7:51 AM, "Maxim Surdu" <[email protected]> wrote: >> > > >> > > [root@mx2 ossec]# ll >> > > total 16K >> > > 4.0K drwxrwxrwx 2 ossec ossec 4.0K Feb 10 14:27 ./ >> > > 4.0K dr-xr-x--- 7 root ossec 4.0K Dec 30 09:32 ../ >> > > 4.0K -rwxrwxrwx 1 ossec ossec 23 Feb 10 12:50 .agent_info* >> > > 0 srw-rw---- 1 ossec ossec 0 Feb 10 14:27 queue= >> > > 0 srwxrwxrwx 1 ossec ossec 0 Feb 10 12:18 queue_= >> > > 4.0K -rwxrwxrwx 1 ossec ossec 1 Feb 10 12:03 .wait* >> > > >> > > >> > >> > You have working agents, I'm on a train. Compare those perms to a >> working agent. >> > Also Try reimporting the key again. >> > >> >> And maybe try starting agentd with "-df" >> >> > > miercuri, 10 februarie 2016, 14:49:58 UTC+2, Maxim Surdu a scris: >> > >> >> > >> [root@mx2 bin]# ll >> > >> total 2.4M >> > >> 4.0K dr-xr-x--- 2 root ossec 4.0K Dec 30 09:32 ./ >> > >> 4.0K dr-xr-x--- 11 root ossec 4.0K Dec 30 09:32 ../ >> > >> 192K -r-xr-x--- 1 root ossec 189K Dec 30 09:32 agent-auth* >> > >> 268K -r-xr-x--- 1 root ossec 267K Dec 30 09:32 manage_agents* >> > >> 540K -r-xr-x--- 1 root ossec 540K Dec 30 09:32 ossec-agentd* >> > >> 8.0K -r-xr-x--- 1 root ossec 4.8K Oct 13 00:21 ossec-control* >> > >> 116K -r-xr-x--- 1 root ossec 115K Dec 30 09:31 ossec-execd* >> > >> 412K -r-xr-x--- 1 root ossec 411K Dec 30 09:32 ossec-logcollector* >> > >> 216K -r-xr-x--- 1 root ossec 213K Dec 30 09:31 ossec-lua* >> > >> 148K -r-xr-x--- 1 root ossec 145K Dec 30 09:31 ossec-luac* >> > >> 536K -r-xr-x--- 1 root ossec 535K Dec 30 09:32 ossec-syscheckd* >> > >> 8.0K -r-xr-x--- 1 root ossec 4.3K Oct 13 00:21 util.sh* >> > >> >> > >> >> > >> miercuri, 10 februarie 2016, 14:48:06 UTC+2, dan (ddpbsd) a scris: >> > >>> >> > >>> >> > >>> On Feb 10, 2016 7:38 AM, "Maxim Surdu" <[email protected]> wrote: >> > >>> > >> > >>> > [root@mx2 bin]# tail -f /var/ossec/logs/ossec.log >> > >>> > 2016/02/10 14:27:25 ossec-rootcheck: DEBUG: Starting ... >> > >>> > 2016/02/10 14:27:25 ossec-rootcheck: Starting queue ... >> > >>> > 2016/02/10 14:27:28 ossec-syscheckd(1210): ERROR: Queue >> '/var/ossec/queue/ossec/queue' not accessible: 'Connection refused'. >> > >>> > 2016/02/10 14:27:28 ossec-rootcheck(1210): ERROR: Queue >> '/var/ossec/queue/ossec/queue' not accessible: 'Connection refused'. >> > >>> > 2016/02/10 14:27:34 ossec-logcollector(1210): ERROR: Queue >> '/var/ossec/queue/ossec/queue' not accessible: 'Connection refused'. >> > >>> > 2016/02/10 14:27:34 ossec-logcollector(1211): ERROR: Unable to >> access queue: '/var/ossec/queue/ossec/queue'. Giving up.. >> > >>> > 2016/02/10 14:27:36 ossec-syscheckd(1210): ERROR: Queue >> '/var/ossec/queue/ossec/queue' not accessible: 'Connection refused'. >> > >>> > 2016/02/10 14:27:36 ossec-rootcheck(1210): ERROR: Queue >> '/var/ossec/queue/ossec/queue' not accessible: 'Connection refused'. >> > >>> > 2016/02/10 14:27:49 ossec-syscheckd(1210): ERROR: Queue >> '/var/ossec/queue/ossec/queue' not accessible: 'Connection refused'. >> > >>> > 2016/02/10 14:27:49 ossec-rootcheck(1211): ERROR: Unable to >> access queue: '/var/ossec/queue/ossec/queue'. Giving up.. >> > >>> > >> > >>> > >> > >>> >> > >>> Check the permissions of the queue directory and files. >> > >>> Check any selinux or similar logs. >> > >>> Reinstall? >> > >>> >> > >>> > >> > >>> > the same >> > >>> > >> > >>> > >> > >>> > miercuri, 10 februarie 2016, 14:36:42 UTC+2, dan (ddpbsd) a scris: >> > >>> >> >> > >>> >> >> > >>> >> On Feb 10, 2016 7:32 AM, "Maxim Surdu" <[email protected]> >> wrote: >> > >>> >> > >> > >>> >> > Hi dear community, >> > >>> >> > >> > >>> >> > i install and configure about 10 agents >> > >>> >> > >> > >>> >> > but one of then after install client key did not start >> > >>> >> > >> > >>> >> > >> > >>> >> > [root@mx2 bin]# ./ossec-control start >> > >>> >> > Starting OSSEC HIDS v2.8.3 (by Trend Micro Inc.)... >> > >>> >> > Started ossec-execd... >> > >>> >> > 2016/02/10 14:27:25 ossec-agentd: INFO: Using notify time: 600 >> and max time to reconnect: 1800 >> > >>> >> > Started ossec-agentd... >> > >>> >> > 2016/02/10 14:27:25 ossec-logcollector: DEBUG: Starting ... >> > >>> >> > Started ossec-logcollector... >> > >>> >> > 2016/02/10 14:27:25 ossec-syscheckd: DEBUG: Starting ... >> > >>> >> > 2016/02/10 14:27:25 syscheckd: Reading Configuration >> [/var/ossec/etc/ossec.conf] >> > >>> >> > 2016/02/10 14:27:25 syscheckd: Reading Client Configuration >> [/var/ossec/etc/ossec.conf] >> > >>> >> > 2016/02/10 14:27:25 ossec-rootcheck: DEBUG: Starting ... >> > >>> >> > 2016/02/10 14:27:25 ossec-rootcheck: Starting queue ... >> > >>> >> > 2016/02/10 14:27:28 ossec-syscheckd(1210): ERROR: Queue >> '/var/ossec/queue/ossec/queue' not accessible: 'Connection refused'. >> > >>> >> > 2016/02/10 14:27:28 ossec-rootcheck(1210): ERROR: Queue >> '/var/ossec/queue/ossec/queue' not accessible: 'Connection refused'. >> > >>> >> > 2016/02/10 14:27:36 ossec-syscheckd(1210): ERROR: Queue >> '/var/ossec/queue/ossec/queue' not accessible: 'Connection refused'. >> > >>> >> > 2016/02/10 14:27:36 ossec-rootcheck(1210): ERROR: Queue >> '/var/ossec/queue/ossec/queue' not accessible: 'Connection refused'. >> > >>> >> > 2016/02/10 14:27:49 ossec-syscheckd(1210): ERROR: Queue >> '/var/ossec/queue/ossec/queue' not accessible: 'Connection refused'. >> > >>> >> > 2016/02/10 14:27:49 ossec-rootcheck(1211): ERROR: Unable to >> access queue: '/var/ossec/queue/ossec/queue'. Giving up.. >> > >>> >> > ossec-syscheckd did not start >> > >>> >> > >> > >>> >> > >> > >>> >> > please any suggestions because this servers are very important >> for monitoring logs. >> > >>> >> > >> > >>> >> >> > >>> >> Check the ossec.log for more detailed log messages. >> > >>> >> >> > >>> >> > Many thanks, >> > >>> >> > Maxim Surdu >> > >>> >> > >> > >>> >> > -- >> > >>> >> > >> > >>> >> > --- >> > >>> >> > You received this message because you are subscribed to the >> Google Groups "ossec-list" group. >> > >>> >> > To unsubscribe from this group and stop receiving emails from >> it, send an email to [email protected]. >> > >>> >> >> > >>> >> > For more options, visit https://groups.google.com/d/optout. >> > >>> > >> > >>> > -- >> > >>> > >> > >>> > --- >> > >>> > You received this message because you are subscribed to the >> Google Groups "ossec-list" group. >> > >>> > To unsubscribe from this group and stop receiving emails from it, >> send an email to [email protected]. >> > >>> > For more options, visit https://groups.google.com/d/optout. >> > > >> > > -- >> > > >> > > --- >> > > You received this message because you are subscribed to the Google >> Groups "ossec-list" group. >> > > To unsubscribe from this group and stop receiving emails from it, >> send an email to [email protected]. >> > > For more options, visit https://groups.google.com/d/optout. >> > -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
