These are my udp ports:
udp 0 0 0.0.0.0:161 0.0.0.0:*
udp 0 0 0.0.0.0:8231 0.0.0.0:*
udp 0 0 127.0.0.1:703 0.0.0.0:*
udp 0 0 0.0.0.0:51797 0.0.0.0:*
udp 0 0 127.0.0.1:3030 0.0.0.0:*
udp 0 0 0.0.0.0:111 0.0.0.0:*
udp 0 0 0.0.0.0:627 0.0.0.0:*
udp 0 0 10.77.1.147:123 0.0.0.0:*
udp 0 0 127.0.0.1:123 0.0.0.0:*
udp 0 0 0.0.0.0:123 0.0.0.0:*
udp 0 0 :::41574 :::*
udp 0 0 :::111 :::*
udp 0 0 :::627 :::*
udp 0 0 fe80::250:56ff:fe88:2b2b:123 :::*
udp 0 0 ::1:123 :::*
udp 0 0 :::123 :::*
On the remote section I've got the following ( the documentation says it
will take default values )
<remote>
<connection>secure</connection>
</remote>
Thank you for your time and support
Regards
El martes, 11 de octubre de 2016, 15:22:03 (UTC-3), Kernel Panic escribió:
>
> Hi guys,
> Yes, I've been reading the error on the list, lots of cases and I got it
> too but I run out of idea.
>
> The log:
>
> 2016/10/11 13:04:40 ossec-syscheckd(1210): ERROR: Queue
> '/var/ossec/queue/ossec/queue' not accessible: 'Connection refused'.
> 2016/10/11 13:04:40 ossec-rootcheck(1210): ERROR: Queue
> '/var/ossec/queue/ossec/queue' not accessible: 'Connection refused'.
> 2016/10/11 13:04:46 ossec-logcollector(1210): ERROR: Queue
> '/var/ossec/queue/ossec/queue' not accessible: 'Connection refused'.
> 2016/10/11 13:04:46 ossec-logcollector(1211): ERROR: Unable to access
> queue: '/var/ossec/queue/ossec/queue'. Giving up..
> 2016/10/11 13:04:48 ossec-syscheckd(1210): ERROR: Queue
> '/var/ossec/queue/ossec/queue' not accessible: 'Connection refused'.
> 2016/10/11 13:04:48 ossec-rootcheck(1210): ERROR: Queue
> '/var/ossec/queue/ossec/queue' not accessible: 'Connection refused'.
> 2016/10/11 13:05:01 ossec-syscheckd(1210): ERROR: Queue
> '/var/ossec/queue/ossec/queue' not accessible: 'Connection refused'.
> 2016/10/11 13:05:01 ossec-rootcheck(1211): ERROR: Unable to access queue:
> '/var/ossec/queue/ossec/queue'. Giving up..
>
> The queue
> srw-rw----. 1 ossec ossec 0 Oct 11 13:04 /var/ossec/queue/ossec/queue
>
> Also read the local_rules may have issues, tested with -t and no errors
> displayed also with xmllint
>
> xmllint local_rules.xml
> <?xml version="1.0"?>
> --SNIP-
> </group>
> <!-- SYSLOG,LOCAL -->
> <!-- EOF -->
>
> There is a file also under /var/ossec/etc/decoder.xml that seems not good
> , is that correct?
> xmllint decoder.xml
> decoder.xml:52: parser error : Extra content at the end of the document
> <decoder name="pam">
> ^
>
> And found this:
>
> xmllint ossec.conf
> ossec.conf:74: parser error : Comment not terminated
> <!-- Frequency that syscheck is executed
> <!-- Frequency that syscheck is executed -- default every 20 hours -->
>
> Line 74, what's missing here?
>
> <syscheck>
> <!-- Frequency that syscheck is executed -- default every 20 hours -->
> <frequency>72000</frequency>
>
>
>
>
>
> ossec-hids-2.8.3-53.el6.art.x86_64
> ossec-hids-server-2.8.3-53.el6.art.x86_64
> ossec-wui-0.8-4.el6.art.noarch
>
> Thanks for your time and support
> Regards
>
>
>
>
>
>
>
>
>
--
---
You received this message because you are subscribed to the Google Groups
"ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to ossec-list+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
