In adition the host send alerts to my email but still disconnected... how can it be?
=S El jueves, 3 de agosto de 2017, 12:48:04 (UTC-5), Carlos Islas escribió: > > Hi Jose, > > Thanks for your answer, i send you the log: > > 2017/08/01 13:44:10 ossec-remoted(1103): ERROR: Unable to open file > '/queue/rids > /001'. > 2017/08/01 15:19:33 ossec-remoted(1103): ERROR: Unable to open file > '/queue/rids > /001'. > 2017/08/01 15:19:37 ossec-remoted(1103): ERROR: Unable to open file > '/queue/rids > /001'. > 2017/08/01 15:22:01 ossec-remoted(1103): ERROR: Unable to open file > '/queue/rids > /001'. > 2017/08/01 15:22:06 ossec-analysisd(1210): ERROR: Queue '/queue/alerts/ar' > not a > ccessible: 'Connection refused'. > 2017/08/01 15:22:06 ossec-analysisd(1301): ERROR: Unable to connect to > active re > sponse queue. > 2017/08/01 15:41:06 ossec-remoted(1103): ERROR: Unable to open file > '/queue/rids > /001'. > 2017/08/01 15:58:14 ossec-remoted(1103): ERROR: Unable to open file > '/queue/rids > /001'. > 2017/08/01 15:58:20 ossec-analysisd(1210): ERROR: Queue '/queue/alerts/ar' > not a > ccessible: 'Connection refused'. > 2017/08/01 15:58:20 ossec-analysisd(1301): ERROR: Unable to connect to > active re > sponse queue. > 2017/08/01 16:06:12 ossec-remoted(1103): ERROR: Unable to open file > '/queue/rids > /001'. > 2017/08/01 16:06:17 ossec-analysisd(1210): ERROR: Queue '/queue/alerts/ar' > not a > ccessible: 'Connection refused'. > 2017/08/01 16:06:17 ossec-analysisd(1301): ERROR: Unable to connect to > active re > sponse queue. > 2017/08/01 16:36:50 ossec-remoted(1103): ERROR: Unable to open file > '/queue/rids > /001'. > 2017/08/01 16:36:55 ossec-analysisd(1210): ERROR: Queue '/queue/alerts/ar' > not a > ccessible: 'Connection refused'. > 2017/08/01 16:36:55 ossec-analysisd(1301): ERROR: Unable to connect to > active re > sponse queue. > 2017/08/01 16:54:19 ossec-remoted(1103): ERROR: Unable to open file > '/queue/rids > /001'. > 2017/08/01 16:54:24 ossec-analysisd(1210): ERROR: Queue '/queue/alerts/ar' > not a > ccessible: 'Connection refused'. > 2017/08/01 16:54:24 ossec-analysisd(1301): ERROR: Unable to connect to > active re > sponse queue. > 2017/08/01 16:55:02 ossec-remoted(1103): ERROR: Unable to open file > '/queue/rids > /001'. > 2017/08/01 16:55:12 ossec-remoted(1103): ERROR: Unable to open file > '/queue/rids > /001'. > 2017/08/01 16:55:17 ossec-analysisd(1210): ERROR: Queue '/queue/alerts/ar' > not a > ccessible: 'Connection refused'. > 2017/08/01 16:55:17 ossec-analysisd(1301): ERROR: Unable to connect to > active re > sponse queue. > 2017/08/01 17:00:35 ossec-remoted(1103): ERROR: Unable to open file > '/queue/rids > /001'. > 2017/08/01 17:00:40 ossec-analysisd(1210): ERROR: Queue '/queue/alerts/ar' > not a > ccessible: 'Connection refused'. > 2017/08/01 17:00:40 ossec-analysisd(1301): ERROR: Unable to connect to > active re > sponse queue. > 2017/08/01 17:04:19 ossec-remoted(1103): ERROR: Unable to open file > '/queue/rids > /001'. > 2017/08/01 17:04:25 ossec-analysisd(1210): ERROR: Queue '/queue/alerts/ar' > not a > ccessible: 'Connection refused'. > 2017/08/01 17:04:25 ossec-analysisd(1301): ERROR: Unable to connect to > active re > sponse queue. > 2017/08/01 17:08:15 ossec-remoted(1103): ERROR: Unable to open file > '/queue/rids > /001'. > 2017/08/01 17:08:20 ossec-analysisd(1210): ERROR: Queue '/queue/alerts/ar' > not a > ccessible: 'Connection refused'. > 2017/08/01 17:08:20 ossec-analysisd(1301): ERROR: Unable to connect to > active re > sponse queue. > 2017/08/01 17:09:00 ossec-remoted(1103): ERROR: Unable to open file > '/queue/rids > /001'. > 2017/08/01 17:09:05 ossec-analysisd(1210): ERROR: Queue '/queue/alerts/ar' > not a > ccessible: 'Connection refused'. > 2017/08/01 17:09:05 ossec-analysisd(1301): ERROR: Unable to connect to > active re > sponse queue. > 2017/08/01 17:09:57 ossec-remoted(1103): ERROR: Unable to open file > '/queue/rids > /001'. > 2017/08/01 17:10:02 ossec-analysisd(1210): ERROR: Queue '/queue/alerts/ar' > not a > ccessible: 'Connection refused'. > 2017/08/01 17:10:02 ossec-analysisd(1301): ERROR: Unable to connect to > active re > sponse queue. > 2017/08/01 17:11:30 ossec-remoted(1103): ERROR: Unable to open file > '/queue/rids > /001'. > 2017/08/01 17:11:35 ossec-analysisd(1210): ERROR: Queue '/queue/alerts/ar' > not a > ccessible: 'Connection refused'. > 2017/08/01 17:11:35 ossec-analysisd(1301): ERROR: Unable to connect to > active re > sponse queue. > 2017/08/01 17:21:08 ossec-maild(1207): ERROR: Unable to switch to group: > 'ossec' > . > 2017/08/01 17:21:08 ossec-execd(1207): ERROR: Unable to switch to group: > 'ossec' > . > 2017/08/01 17:22:11 ossec-logcollector(1224): ERROR: Error sending message > to qu > eue. > 2017/08/01 17:22:14 ossec-logcollector(1210): ERROR: Queue > '/var/ossec/queue/oss > ec/queue' not accessible: 'Connection refused'. > 2017/08/01 17:22:14 ossec-logcollector(1211): ERROR: Unable to access > queue: '/v > ar/ossec/queue/ossec/queue'. Giving up.. > 2017/08/01 17:22:23 ossec-remoted(1103): ERROR: Unable to open file > '/queue/rids > /001'. > 2017/08/01 17:22:28 ossec-analysisd(1210): ERROR: Queue '/queue/alerts/ar' > not a > ccessible: 'Connection refused'. > 2017/08/01 17:22:28 ossec-analysisd(1301): ERROR: Unable to connect to > active re > sponse queue. > 2017/08/01 17:26:34 ossec-remoted(1103): ERROR: Unable to open file > '/queue/rids > /001'. > 2017/08/01 17:26:38 ossec-rootcheck(1224): ERROR: Error sending message to > queue > . > 2017/08/01 17:26:39 ossec-analysisd(1210): ERROR: Queue '/queue/alerts/ar' > not a > ccessible: 'Connection refused'. > 2017/08/01 17:26:39 ossec-analysisd(1301): ERROR: Unable to connect to > active re > sponse queue. > 2017/08/01 17:27:30 ossec-remoted(1103): ERROR: Unable to open file > '/queue/rids > /001'. > 2017/08/01 17:27:35 ossec-analysisd(1210): ERROR: Queue '/queue/alerts/ar' > not a > ccessible: 'Connection refused'. > 2017/08/01 17:27:35 ossec-analysisd(1301): ERROR: Unable to connect to > active re > sponse queue. > 2017/08/01 17:28:58 ossec-remoted(1103): ERROR: Unable to open file > '/queue/rids > /001'. > 2017/08/01 17:29:03 ossec-analysisd(1210): ERROR: Queue '/queue/alerts/ar' > not a > ccessible: 'Connection refused'. > 2017/08/01 17:29:03 ossec-analysisd(1301): ERROR: Unable to connect to > active re > sponse queue. > 2017/08/01 17:30:08 ossec-remoted(1103): ERROR: Unable to open file > '/queue/rids > /003'. > 2017/08/01 17:30:13 ossec-analysisd(1210): ERROR: Queue '/queue/alerts/ar' > not a > ccessible: 'Connection refused'. > 2017/08/01 17:30:13 ossec-analysisd(1301): ERROR: Unable to connect to > active re > sponse queue. > 2017/08/01 17:31:35 ossec-remoted(1103): ERROR: Unable to open file > '/queue/rids > /003'. > 2017/08/01 17:31:41 ossec-analysisd(1210): ERROR: Queue '/queue/alerts/ar' > not a > ccessible: 'Connection refused'. > 2017/08/01 17:31:41 ossec-analysisd(1301): ERROR: Unable to connect to > active re > sponse queue. > 2017/08/01 17:32:08 ossec-remoted(1103): ERROR: Unable to open file > '/queue/rids > /998'. > 2017/08/01 17:32:13 ossec-analysisd(1210): ERROR: Queue '/queue/alerts/ar' > not a > ccessible: 'Connection refused'. > 2017/08/01 17:32:13 ossec-analysisd(1301): ERROR: Unable to connect to > active re > sponse queue. > 2017/08/01 17:39:26 ossec-remoted(1103): ERROR: Unable to open file > '/queue/rids > /001'. > 2017/08/01 17:39:32 ossec-analysisd(1210): ERROR: Queue '/queue/alerts/ar' > not a > ccessible: 'Connection refused'. > 2017/08/01 17:39:32 ossec-analysisd(1301): ERROR: Unable to connect to > active re > sponse queue. > 2017/08/01 18:00:16 ossec-remoted(1103): ERROR: Unable to open file > '/queue/rids > /001'. > 2017/08/01 18:00:21 ossec-analysisd(1210): ERROR: Queue '/queue/alerts/ar' > not a > ccessible: 'Connection refused'. > 2017/08/01 18:00:21 ossec-analysisd(1301): ERROR: Unable to connect to > active re > sponse queue. > 2017/08/01 18:07:19 ossec-remoted(1407): ERROR: Duplicated counter for > 'posmexng > s'. > 2017/08/01 18:07:25 ossec-remoted(1407): ERROR: Duplicated counter for > 'posmexng > s'. > 2017/08/01 18:07:29 ossec-remoted(1407): ERROR: Duplicated counter for > 'posmexng > s'. > 2017/08/01 18:07:34 ossec-remoted(1407): ERROR: Duplicated counter for > 'posmexng > s'. > 2017/08/01 18:07:40 ossec-remoted(1407): ERROR: Duplicated counter for > 'posmexng > s'. > 2017/08/01 18:20:25 ossec-remoted(1206): ERROR: Unable to Bind port '1514' > 2017/08/01 18:20:53 ossec-remoted(1210): ERROR: Queue '/queue/ossec/queue' > not a > ccessible: 'Connection refused'. > 2017/08/01 18:20:53 ossec-remoted(1211): ERROR: Unable to access queue: > '/queue/ > ossec/queue'. Giving up.. > 2017/08/01 18:22:44 ossec-remoted(1210): ERROR: Queue '/queue/ossec/queue' > not a > ccessible: 'Connection refused'. > 2017/08/01 18:22:44 ossec-remoted(1211): ERROR: Unable to access queue: > '/queue/ > ossec/queue'. Giving up.. > 2017/08/01 18:24:44 ossec-remoted(1210): ERROR: Queue '/queue/ossec/queue' > not a > ccessible: 'Connection refused'. > 2017/08/01 18:24:44 ossec-remoted(1211): ERROR: Unable to access queue: > '/queue/ > ossec/queue'. Giving up.. > 2017/08/01 18:26:01 ossec-remoted(1210): ERROR: Queue '/queue/ossec/queue' > not a > ccessible: 'Connection refused'. > 2017/08/01 18:26:01 ossec-remoted(1211): ERROR: Unable to access queue: > '/queue/ > ossec/queue'. Giving up.. > 2017/08/01 18:26:18 ossec-syscheckd(1210): ERROR: Queue > '/var/ossec/queue/ossec/ > queue' not accessible: 'Connection refused'. > 2017/08/01 18:26:18 ossec-rootcheck(1210): ERROR: Queue > '/var/ossec/queue/ossec/ > queue' not accessible: 'Connection refused'. > 2017/08/01 18:26:26 ossec-syscheckd(1210): ERROR: Queue > '/var/ossec/queue/ossec/ > queue' not accessible: 'Connection refused'. > 2017/08/01 18:26:26 ossec-rootcheck(1210): ERROR: Queue > '/var/ossec/queue/ossec/ > queue' not accessible: 'Connection refused'. > 2017/08/01 18:26:39 ossec-syscheckd(1210): ERROR: Queue > '/var/ossec/queue/ossec/ > queue' not accessible: 'Connection refused'. > 2017/08/01 18:26:39 ossec-rootcheck(1211): ERROR: Unable to access queue: > '/var/ > ossec/queue/ossec/queue'. Giving up.. > 2017/08/01 18:33:07 ossec-remoted(1103): ERROR: Unable to open file > '/queue/rids > /004'. > 2017/08/01 18:33:12 ossec-analysisd(1210): ERROR: Queue '/queue/alerts/ar' > not a > ccessible: 'Connection refused'. > 2017/08/01 18:33:12 ossec-analysisd(1301): ERROR: Unable to connect to > active re > sponse queue. > 2017/08/01 18:34:25 ossec-remoted(1103): ERROR: Unable to open file > '/queue/rids > /004'. > 2017/08/01 18:34:30 ossec-analysisd(1210): ERROR: Queue '/queue/alerts/ar' > not a > ccessible: 'Connection refused'. > 2017/08/01 18:34:30 ossec-analysisd(1301): ERROR: Unable to connect to > active re > sponse queue. > 2017/08/01 18:51:32 ossec-remoted(1103): ERROR: Unable to open file > '/queue/rids > /004'. > 2017/08/01 18:51:38 ossec-analysisd(1210): ERROR: Queue '/queue/alerts/ar' > not a > ccessible: 'Connection refused'. > 2017/08/01 18:51:38 ossec-analysisd(1301): ERROR: Unable to connect to > active re > sponse queue. > 2017/08/01 19:00:54 ossec-remoted(1103): ERROR: Unable to open file > '/queue/rids > /004'. > 2017/08/01 19:00:59 ossec-analysisd(1210): ERROR: Queue '/queue/alerts/ar' > not a > ccessible: 'Connection refused'. > 2017/08/01 19:00:59 ossec-analysisd(1301): ERROR: Unable to connect to > active re > sponse queue. > 2017/08/01 19:04:31 ossec-remoted(1103): ERROR: Unable to open file > '/queue/rids > /999'. > 2017/08/01 19:04:36 ossec-analysisd(1210): ERROR: Queue '/queue/alerts/ar' > not a > ccessible: 'Connection refused'. > 2017/08/01 19:04:36 ossec-analysisd(1301): ERROR: Unable to connect to > active re > sponse queue. > 2017/08/01 19:10:01 ossec-remoted(1403): ERROR: Incorrectly formated > message fro > m '172.27.1.122'. > 2017/08/01 19:10:07 ossec-remoted(1403): ERROR: Incorrectly formated > message fro > m '172.27.1.122'. > 2017/08/01 19:10:11 ossec-remoted(1403): ERROR: Incorrectly formated > message fro > m '172.27.1.122'. > 2017/08/01 19:10:16 ossec-remoted(1403): ERROR: Incorrectly formated > message fro > m '172.27.1.122'. > 2017/08/01 19:10:22 ossec-remoted(1403): ERROR: Incorrectly formated > message fro > m '172.27.1.122'. > 2017/08/01 20:13:06 ossec-remoted(1407): ERROR: Duplicated counter for > 'posmexng > s'. > 2017/08/01 20:13:12 ossec-remoted(1407): ERROR: Duplicated counter for > 'posmexng > s'. > 2017/08/01 20:13:16 ossec-remoted(1407): ERROR: Duplicated counter for > 'posmexng > s'. > 2017/08/01 20:13:21 ossec-remoted(1407): ERROR: Duplicated counter for > 'posmexng > s'. > 2017/08/01 20:13:27 ossec-remoted(1407): ERROR: Duplicated counter for > 'posmexng > s'. > 2017/08/01 21:47:54 ossec-remoted(1403): ERROR: Incorrectly formated > message fro > m '172.27.1.122'. > 2017/08/01 21:48:00 ossec-remoted(1403): ERROR: Incorrectly formated > message fro > m '172.27.1.122'. > 2017/08/01 21:48:04 ossec-remoted(1403): ERROR: Incorrectly formated > message fro > m '172.27.1.122'. > 2017/08/01 21:48:09 ossec-remoted(1403): ERROR: Incorrectly formated > message fro > m '172.27.1.122'. > 2017/08/01 21:48:15 ossec-remoted(1403): ERROR: Incorrectly formated > message fro > m '172.27.1.122'. > 2017/08/01 22:19:11 ossec-remoted(1407): ERROR: Duplicated counter for > 'posmexng > s'. > 2017/08/01 22:19:17 ossec-remoted(1407): ERROR: Duplicated counter for > 'posmexng > s'. > 2017/08/01 22:19:21 ossec-remoted(1407): ERROR: Duplicated counter for > 'posmexng > s'. > 2017/08/01 22:19:26 ossec-remoted(1407): ERROR: Duplicated counter for > 'posmexng > s'. > 2017/08/01 22:19:32 ossec-remoted(1407): ERROR: Duplicated counter for > 'posmexng > s'. > 2017/08/02 00:25:34 ossec-remoted(1407): ERROR: Duplicated counter for > 'posmexng > s'. > 2017/08/02 00:25:40 ossec-remoted(1407): ERROR: Duplicated counter for > 'posmexng > s'. > 2017/08/02 00:25:44 ossec-remoted(1407): ERROR: Duplicated counter for > 'posmexng > s'. > 2017/08/02 00:25:49 ossec-remoted(1407): ERROR: Duplicated counter for > 'posmexng > s'. > 2017/08/02 00:25:55 ossec-remoted(1407): ERROR: Duplicated counter for > 'posmexng > s'. > 2017/08/02 00:26:05 ossec-remoted(1403): ERROR: Incorrectly formated > message fro > m '172.27.1.122'. > 2017/08/02 00:26:11 ossec-remoted(1403): ERROR: Incorrectly formated > message fro > m '172.27.1.122'. > 2017/08/02 00:26:15 ossec-remoted(1403): ERROR: Incorrectly formated > message fro > m '172.27.1.122'. > 2017/08/02 00:26:20 ossec-remoted(1403): ERROR: Incorrectly formated > message fro > m '172.27.1.122'. > 2017/08/02 00:26:26 ossec-remoted(1403): ERROR: Incorrectly formated > message fro > m '172.27.1.122'. > 2017/08/02 02:32:15 ossec-remoted(1407): ERROR: Duplicated counter for > 'posmexng > s'. > 2017/08/02 02:32:21 ossec-remoted(1407): ERROR: Duplicated counter for > 'posmexng > s'. > 2017/08/02 02:32:25 ossec-remoted(1407): ERROR: Duplicated counter for > 'posmexng > s'. > 2017/08/02 02:32:30 ossec-remoted(1407): ERROR: Duplicated counter for > 'posmexng > s'. > 2017/08/02 02:32:36 ossec-remoted(1407): ERROR: Duplicated counter for > 'posmexng > s'. > 2017/08/02 03:04:34 ossec-remoted(1403): ERROR: Incorrectly formated > message fro > m '172.27.1.122'. > 2017/08/02 03:04:40 ossec-remoted(1403): ERROR: Incorrectly formated > message fro > m '172.27.1.122'. > 2017/08/02 03:04:44 ossec-remoted(1403): ERROR: Incorrectly formated > message fro > m '172.27.1.122'. > 2017/08/02 03:04:49 ossec-remoted(1403): ERROR: Incorrectly formated > message fro > m '172.27.1.122'. > 2017/08/02 03:04:55 ossec-remoted(1403): ERROR: Incorrectly formated > message fro > m '172.27.1.122'. > 2017/08/02 04:39:14 ossec-remoted(1407): ERROR: Duplicated counter for > 'posmexng > s'. > 2017/08/02 04:39:20 ossec-remoted(1407): ERROR: Duplicated counter for > 'posmexng > s'. > 2017/08/02 04:39:24 ossec-remoted(1407): ERROR: Duplicated counter for > 'posmexng > s'. > 2017/08/02 04:39:29 ossec-remoted(1407): ERROR: Duplicated counter for > 'posmexng > s'. > 2017/08/02 04:39:35 ossec-remoted(1407): ERROR: Duplicated counter for > 'posmexng > s'. > 2017/08/02 05:43:21 ossec-remoted(1403): ERROR: Incorrectly formated > message fro > m '172.27.1.122'. > 2017/08/02 05:43:27 ossec-remoted(1403): ERROR: Incorrectly formated > message fro > m '172.27.1.122'. > 2017/08/02 05:43:31 ossec-remoted(1403): ERROR: Incorrectly formated > message fro > m '172.27.1.122'. > 2017/08/02 05:43:36 ossec-remoted(1403): ERROR: Incorrectly formated > message fro > m '172.27.1.122'. > 2017/08/02 05:43:42 ossec-remoted(1403): ERROR: Incorrectly formated > message fro > m '172.27.1.122'. > 2017/08/02 06:46:31 ossec-remoted(1407): ERROR: Duplicated counter for > 'posmexng > s'. > 2017/08/02 06:46:37 ossec-remoted(1407): ERROR: Duplicated counter for > 'posmexng > s'. > 2017/08/02 06:46:41 ossec-remoted(1407): ERROR: Duplicated counter for > 'posmexng > s'. > 2017/08/02 06:46:46 ossec-remoted(1407): ERROR: Duplicated counter for > 'posmexng > s'. > 2017/08/02 06:46:52 ossec-remoted(1407): ERROR: Duplicated counter for > 'posmexng > s'. > 2017/08/02 08:22:26 ossec-remoted(1403): ERROR: Incorrectly formated > message fro > m '172.27.1.122'. > 2017/08/02 08:22:32 ossec-remoted(1403): ERROR: Incorrectly formated > message fro > m '172.27.1.122'. > 2017/08/02 08:22:36 ossec-remoted(1403): ERROR: Incorrectly formated > message fro > m '172.27.1.122'. > 2017/08/02 08:22:41 ossec-remoted(1403): ERROR: Incorrectly formated > message fro > m '172.27.1.122'. > 2017/08/02 08:22:47 ossec-remoted(1403): ERROR: Incorrectly formated > message fro > m '172.27.1.122'. > 2017/08/02 08:54:06 ossec-remoted(1407): ERROR: Duplicated counter for > 'posmexng > s'. > 2017/08/02 08:54:12 ossec-remoted(1407): ERROR: Duplicated counter for > 'posmexng > s'. > 2017/08/02 08:54:16 ossec-remoted(1407): ERROR: Duplicated counter for > 'posmexng > s'. > 2017/08/02 08:54:21 ossec-remoted(1407): ERROR: Duplicated counter for > 'posmexng > s'. > 2017/08/02 08:54:27 ossec-remoted(1407): ERROR: Duplicated counter for > 'posmexng > s'. > 2017/08/02 11:01:49 ossec-remoted(1403): ERROR: Incorrectly formated > message fro > -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.