These are my udp ports:

udp        0      0 0.0.0.0:161                     0.0.0.0:*
udp        0      0 0.0.0.0:8231                    0.0.0.0:*
udp        0      0 127.0.0.1:703                   0.0.0.0:*
udp        0      0 0.0.0.0:51797                   0.0.0.0:*
udp        0      0 127.0.0.1:3030                  0.0.0.0:*
udp        0      0 0.0.0.0:111                     0.0.0.0:*
udp        0      0 0.0.0.0:627                     0.0.0.0:*
udp        0      0 10.77.1.147:123                 0.0.0.0:*
udp        0      0 127.0.0.1:123                   0.0.0.0:*
udp        0      0 0.0.0.0:123                     0.0.0.0:*
udp        0      0 :::41574                        :::*
udp        0      0 :::111                          :::*
udp        0      0 :::627                          :::*
udp        0      0 fe80::250:56ff:fe88:2b2b:123    :::*
udp        0      0 ::1:123                         :::*
udp        0      0 :::123                          :::*

On the remote section I've got the following (the documentation says it will take default values):

<remote>
  <connection>secure</connection>
</remote>

Thank you for your time and support
Regards

On Tuesday, October 11, 2016, 15:22:03 (UTC-3), Kernel Panic wrote:
>
> Hi guys,
> Yes, I've been reading the error on the list, lots of cases and I got it
> too but I ran out of ideas.
>
> The log:
>
> 2016/10/11 13:04:40 ossec-syscheckd(1210): ERROR: Queue '/var/ossec/queue/ossec/queue' not accessible: 'Connection refused'.
> 2016/10/11 13:04:40 ossec-rootcheck(1210): ERROR: Queue '/var/ossec/queue/ossec/queue' not accessible: 'Connection refused'.
> 2016/10/11 13:04:46 ossec-logcollector(1210): ERROR: Queue '/var/ossec/queue/ossec/queue' not accessible: 'Connection refused'.
> 2016/10/11 13:04:46 ossec-logcollector(1211): ERROR: Unable to access queue: '/var/ossec/queue/ossec/queue'. Giving up..
> 2016/10/11 13:04:48 ossec-syscheckd(1210): ERROR: Queue '/var/ossec/queue/ossec/queue' not accessible: 'Connection refused'.
> 2016/10/11 13:04:48 ossec-rootcheck(1210): ERROR: Queue '/var/ossec/queue/ossec/queue' not accessible: 'Connection refused'.
> 2016/10/11 13:05:01 ossec-syscheckd(1210): ERROR: Queue '/var/ossec/queue/ossec/queue' not accessible: 'Connection refused'.
> 2016/10/11 13:05:01 ossec-rootcheck(1211): ERROR: Unable to access queue: '/var/ossec/queue/ossec/queue'. Giving up..
>
> The queue
> srw-rw----. 1 ossec ossec 0 Oct 11 13:04 /var/ossec/queue/ossec/queue
>
> Also read the local_rules may have issues, tested with -t and no errors
> displayed, also with xmllint
>
> xmllint local_rules.xml
> <?xml version="1.0"?>
> --SNIP-
> </group>
> <!-- SYSLOG,LOCAL -->
> <!-- EOF -->
>
> There is also a file under /var/ossec/etc/decoder.xml that seems not good,
> is that correct?
>
> xmllint decoder.xml
> decoder.xml:52: parser error : Extra content at the end of the document
> <decoder name="pam">
> ^
>
> And found this:
>
> xmllint ossec.conf
> ossec.conf:74: parser error : Comment not terminated
> <!-- Frequency that syscheck is executed
> <!-- Frequency that syscheck is executed -- default every 20 hours -->
>
> Line 74, what's missing here?
>
> <syscheck>
> <!-- Frequency that syscheck is executed -- default every 20 hours -->
> <frequency>72000</frequency>
>
> ossec-hids-2.8.3-53.el6.art.x86_64
> ossec-hids-server-2.8.3-53.el6.art.x86_64
> ossec-wui-0.8-4.el6.art.noarch
>
> Thanks for your time and support
> Regards