Dear All,

Please bear with my simple overview. I request some guidance in addressing an issue.

In our Linux system, we are trying to incorporate intrusion detection and file integrity monitoring alerts. For this, OSSEC seems to be the best open source option available in the market.

System Configuration:

Ossec in server Mode : Debian 8 (Jessie)
Binary : Used ./install.sh from source (https://bintray.com/artifact/download/ossec/ossec-hids/ossec-hids-2.8.3.tar.gz) with *server* option.

The compilation was successful:

    root@debian:/opt/ossecData# /opt/venkat/ossecData/bin/ossec-control status
    ossec-monitord is running...
    ossec-logcollector is running...
    ossec-remoted is running...
    ossec-syscheckd is running...
    ossec-analysisd is running...
    ossec-maild is running...
    ossec-execd is running...

System is running fine.

However, I tried the same on the CLIENT machine ()

Ossec in server Mode : Debian 6 (Squeeze)
Binary : Used ./install.sh from source (https://bintray.com/artifact/download/ossec/ossec-hids/ossec-hids-2.8.3.tar.gz) with *agent* option.

Installation completed successfully. When I tried to start the OSSEC agent:

    root@vir-deb:/opt/ossecData# /opt/ossecData/bin/ossec-control start
    Starting OSSEC HIDS v2.8.3 (by Trend Micro Inc.)...
    Deleting PID file '/opt/ossecData/var/run/ossec-logcollector-5760.pid' not used...
    Deleting PID file '/opt/ossecData/var/run/ossec-agentd-5756.pid' not used...
    ossec-execd already running...
    2016/05/24 15:25:16 ossec-agentd: INFO: Using notify time: 600 and max time to reconnect: 1800
    Started ossec-agentd...
    Started ossec-logcollector...
    2016/05/24 15:25:19 ossec-syscheckd(1210): ERROR: Queue '/opt/ossecData/queue/ossec/queue' not accessible: 'Connection refused'.
    2016/05/24 15:25:19 ossec-rootcheck(1210): ERROR: Queue '/opt/ossecData/queue/ossec/queue' not accessible: 'Connection refused'.
    2016/05/24 15:25:27 ossec-syscheckd(1210): ERROR: Queue '/opt/ossecData/queue/ossec/queue' not accessible: 'Connection refused'.
    2016/05/24 15:25:27 ossec-rootcheck(1210): ERROR: Queue '/opt/ossecData/queue/ossec/queue' not accessible: 'Connection refused'.
    2016/05/24 15:25:40 ossec-syscheckd(1210): ERROR: Queue '/opt/ossecData/queue/ossec/queue' not accessible: 'Connection refused'.
    2016/05/24 15:25:40 ossec-rootcheck(1211): ERROR: Unable to access queue: '/opt/ossecData/queue/ossec/queue'. Giving up..

I did search on this topic (http://ossec-docs.readthedocs.io/en/latest/faq/unexpected.html#id50), but nothing worked in my case. According to the docs for this error code, they asked to look at the status of ossec-analysisd <http://ossec-docs.readthedocs.io/en/latest/programs/ossec-analysisd.html#ossec-analysisd>. But in my case, on my client machine, I am unable to locate ossec-analysisd <http://ossec-docs.readthedocs.io/en/latest/programs/ossec-analysisd.html#ossec-analysisd>.

    -r-xr-x--- 1 root ossec 247218 May 24 14:39 agent-auth
    -r-xr-x--- 1 root ossec 250505 May 24 14:39 manage_agents
    -r-xr-x--- 1 root ossec 501580 May 24 14:39 ossec-agentd
    -r-xr-x--- 1 root ossec   4834 Oct 13  2015 ossec-control
    -r-xr-x--- 1 root ossec 105035 May 24 14:38 ossec-execd
    -r-xr-x--- 1 root ossec 384947 May 24 14:39 ossec-logcollector
    -r-xr-x--- 1 root ossec 174370 May 18 17:38 ossec-lua
    -r-xr-x--- 1 root ossec 117632 May 18 17:38 ossec-luac
    -r-xr-x--- 1 root ossec 499976 May 24 14:39 ossec-syscheckd
    -r-xr-x--- 1 root ossec   4360 Oct 13  2015 util.sh

Am I missing something?

Regards
Venkat.S
