Yes, I did add client in server machine and stored the keydata in client.keys
However, if analysisd is not required, what is causing the "ossec-syscheckd(1210): ERROR: Queue '/opt/ossecData/queue/ossec/queue' "

On Tuesday, 24 May 2016 18:02:53 UTC+5:30, venkat swaminathan wrote:
>
> Dear All
>
> Please bear my simple overview, Request some guidance in addressing issue
>
> In our Linux system, we are trying to incorporate intrusion detection and
> file integrity monitoring alerts. For this OSSEC seems to be best open
> source option available in market.
>
> System Configuration:
>
> Ossec in server Mode : Debian 8 (Jessie)
> Binary : Used ./install.sh from source (https://bintray.com/artifact/download/ossec/ossec-hids/ossec-hids-2.8.3.tar.gz) with *server* option.
>
> The compilation was successful :
> root@debian:/opt/ossecData#
>
> /opt/venkat/ossecData/bin/ossec-control status
> ossec-monitord is running...
> ossec-logcollector is running...
> ossec-remoted is running...
> ossec-syscheckd is running...
> ossec-analysisd is running...
> ossec-maild is running...
> ossec-execd is running...
>
> System is running fine.
>
> However, tried the same in CLIENT machine ()
>
> Ossec in server Mode : Debian 6 (Squeeze)
> Binary : Used ./install.sh from source (https://bintray.com/artifact/download/ossec/ossec-hids/ossec-hids-2.8.3.tar.gz) with *agent* option.
>
> Installation completed successfully,
>
> When I tried to start ossec agent :
>
> root@vir-deb:/opt/ossecData# /opt/ossecData/bin/ossec-control start
> Starting OSSEC HIDS v2.8.3 (by Trend Micro Inc.)...
> Deleting PID file '/opt/ossecData/var/run/ossec-logcollector-5760.pid' not used...
> Deleting PID file '/opt/ossecData/var/run/ossec-agentd-5756.pid' not used...
> ossec-execd already running...
> 2016/05/24 15:25:16 ossec-agentd: INFO: Using notify time: 600 and max time to reconnect: 1800
> Started ossec-agentd...
> Started ossec-logcollector...
> 2016/05/24 15:25:19 ossec-syscheckd(1210): ERROR: Queue '/opt/ossecData/queue/ossec/queue' not accessible: 'Connection refused'.
> 2016/05/24 15:25:19 ossec-rootcheck(1210): ERROR: Queue '/opt/ossecData/queue/ossec/queue' not accessible: 'Connection refused'.
> 2016/05/24 15:25:27 ossec-syscheckd(1210): ERROR: Queue '/opt/ossecData/queue/ossec/queue' not accessible: 'Connection refused'.
> 2016/05/24 15:25:27 ossec-rootcheck(1210): ERROR: Queue '/opt/ossecData/queue/ossec/queue' not accessible: 'Connection refused'.
> 2016/05/24 15:25:40 ossec-syscheckd(1210): ERROR: Queue '/opt/ossecData/queue/ossec/queue' not accessible: 'Connection refused'.
> 2016/05/24 15:25:40 ossec-rootcheck(1211): ERROR: Unable to access queue: '/opt/ossecData/queue/ossec/queue'. Giving up..
>
> I did search on this topic (http://ossec-docs.readthedocs.io/en/latest/faq/unexpected.html#id50). But nothing worked in my case.
>
> According to docs for this error code, they asked to look at the status
> of ossec-analysisd <http://ossec-docs.readthedocs.io/en/latest/programs/ossec-analysisd.html#ossec-analysisd>.
> But in my case on my client machine, I am unable to locate
> ossec-analysisd <http://ossec-docs.readthedocs.io/en/latest/programs/ossec-analysisd.html#ossec-analysisd>.
>
> -r-xr-x--- 1 root ossec 247218 May 24 14:39 agent-auth
> -r-xr-x--- 1 root ossec 250505 May 24 14:39 manage_agents
> -r-xr-x--- 1 root ossec 501580 May 24 14:39 ossec-agentd
> -r-xr-x--- 1 root ossec 4834 Oct 13 2015 ossec-control
> -r-xr-x--- 1 root ossec 105035 May 24 14:38 ossec-execd
> -r-xr-x--- 1 root ossec 384947 May 24 14:39 ossec-logcollector
> -r-xr-x--- 1 root ossec 174370 May 18 17:38 ossec-lua
> -r-xr-x--- 1 root ossec 117632 May 18 17:38 ossec-luac
> -r-xr-x--- 1 root ossec 499976 May 24 14:39 ossec-syscheckd
> -r-xr-x--- 1 root ossec 4360 Oct 13 2015 util.sh
>
> Am I missing something..
>
> Regards
> Venkat.S
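
An added example, not part of the thread or of OSSEC's own code: a small probe that shows what 'Connection refused' on the queue path means at the OS level. It assumes the queue is a Unix datagram socket, and `probe_queue` and `demo` are hypothetical names; the demo uses a constructed socket in a temporary directory.

```python
import errno
import os
import socket
import stat
import sys
import tempfile


def probe_queue(path):
    """Classify a local queue socket as a process writing to it would see it."""
    try:
        mode = os.stat(path).st_mode
    except FileNotFoundError:
        return "missing"              # the socket file was never created
    except PermissionError:
        return "permission-denied"    # cannot traverse the queue directory
    if not stat.S_ISSOCK(mode):
        return "not-a-socket"
    s = socket.socket(socket.AF_UNIX, socket.SOCK_DGRAM)
    try:
        s.connect(path)
        return "listening"            # some process has the socket bound
    except OSError as e:
        if e.errno == errno.ECONNREFUSED:
            # File is on disk but no process is bound to it any more.
            return "stale"
        if e.errno in (errno.EACCES, errno.EPERM):
            return "permission-denied"
        return "error:" + errno.errorcode.get(e.errno, str(e.errno))
    finally:
        s.close()


def demo():
    """Walk a constructed queue through its three states."""
    results = {}
    with tempfile.TemporaryDirectory() as d:
        q = os.path.join(d, "queue")
        results["before"] = probe_queue(q)
        reader = socket.socket(socket.AF_UNIX, socket.SOCK_DGRAM)
        reader.bind(q)                # a reader daemon starts and binds
        results["bound"] = probe_queue(q)
        reader.close()                # reader exits; the file stays behind
        results["after_exit"] = probe_queue(q)
    return results


if __name__ == "__main__":
    print(probe_queue(sys.argv[1]) if len(sys.argv) > 1 else demo())
```

Run with the queue path from the error message as its argument, using an account that can read the queue directory; "stale" corresponds to the 'Connection refused' case in the log above.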
