On Tue, May 24, 2016 at 7:43 AM, venkat swaminathan <[email protected]> wrote: > Dear All > > Please bare my simple overview, Request some guidance in addressing issue > > In our Linux system, we are trying to incorporate intrusion detection and > file integrity monitoring alerts. For this OSSEC seems to be best open > source option available in market. > ... > However, tried the same in CLIENT machine () > > Ossec in server Mode : Debian 6 (Squeeze) > Binary : Used ./install.sh from source > (https://bintray.com/artifact/download/ossec/ossec-hids/ossec-hids-2.8.3.tar.gz) > with agent option. > > Installation completed successfully, > > when i tried to start ossces agent : >
Did you import the key you created on the OSSEC server? > root@vir-deb:/opt/ossecData# /opt/ossecData/bin/ossec-control start > Starting OSSEC HIDS v2.8.3 (by Trend Micro Inc.)... > Deleting PID file '/opt/ossecData/var/run/ossec-logcollector-5760.pid' not > used... > Deleting PID file '/opt/ossecData/var/run/ossec-agentd-5756.pid' not used... > ossec-execd already running... > 2016/05/24 15:25:16 ossec-agentd: INFO: Using notify time: 600 and max time > to reconnect: 1800 > Started ossec-agentd... > Started ossec-logcollector... > 2016/05/24 15:25:19 ossec-syscheckd(1210): ERROR: Queue > '/opt/ossecData/queue/ossec/queue' not accessible: 'Connection refused'. > 2016/05/24 15:25:19 ossec-rootcheck(1210): ERROR: Queue > '/opt/ossecData/queue/ossec/queue' not accessible: 'Connection refused'. > 2016/05/24 15:25:27 ossec-syscheckd(1210): ERROR: Queue > '/opt/ossecData/queue/ossec/queue' not accessible: 'Connection refused'. > 2016/05/24 15:25:27 ossec-rootcheck(1210): ERROR: Queue > '/opt/ossecData/queue/ossec/queue' not accessible: 'Connection refused'. > 2016/05/24 15:25:40 ossec-syscheckd(1210): ERROR: Queue > '/opt/ossecData/queue/ossec/queue' not accessible: 'Connection refused'. > 2016/05/24 15:25:40 ossec-rootcheck(1211): ERROR: Unable to access queue: > '/opt/ossecData/queue/ossec/queue'. Giving up.. > > I did search on this topic ( > http://ossec-docs.readthedocs.io/en/latest/faq/unexpected.html#id50 ) . But > nothing worked in my case. > > According to docs for this error code , they asked to look at the status of > ossec-analysisd . But in my case on my client machine , I am unable to > locate ossec-analysisd. > analysisd only exists on the OSSEC server. > > Am I missing something.. > > Regards > Venkat.S > > > > -- > > --- > You received this message because you are subscribed to the Google Groups > "ossec-list" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > For more options, visit https://groups.google.com/d/optout. -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
