Hi

I checked my audit log for entries related to ossec but can't find why ossec can't 
access '/var/ossec/queue/ossec/queue'

type=SERVICE_START msg=audit(1537893567.527:2919): pid=1 uid=0 
auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 
msg='unit=ossec-hids comm="systemd" exe="/usr/lib/systemd/systemd" 
hostname=? addr=? terminal=? res=failed'
type=AVC msg=audit(1538308638.593:4576): avc:  denied  { read write } for  
pid=9787 comm="logrotate" name="ossec.log" dev="0:39" 
ino=17925539076010750948 
scontext=system_u:system_r:logrotate_t:s0-s0:c0.c1023 
tcontext=system_u:object_r:nfs_t:s0 tclass=file

Thanks a lot for your help

On Wednesday, October 3, 2018 at 9:51:40 PM UTC+8, dan (ddpbsd) wrote:
>
>
>
> On Wed, Oct 3, 2018 at 6:20 AM Judy Chen <[email protected]> wrote:
>
>> Hi 
>>
>> Thanks for your feedback
>>
>> I checked my folder permissions and they should be OK
>>
>> [root@ip-10-23-207-85 ossec]# pwd
>> /var/ossec
>> [root@ip-10-23-207-85 ossec]# ls -ld queue
>> dr-xr-x---. 11 root ossec 6144 Sep 18 07:58 queue
>>
>> [root@ip-10-23-207-85 ossec]# cd queue/
>> [root@ip-10-23-207-85 queue]# ls -ld ossec
>> drwxrwx---. 2 ossec ossec 6144 Sep 25 05:02 ossec
>>
>> [root@ip-10-23-207-85 queue]# cd ossec/
>> [root@ip-10-23-207-85 ossec]# ls -ld queue
>> srw-rw----. 1 ossec ossec 0 Sep 25 05:02 queue
>>
>> Is it possibly related to the kernel version? ossec-agent seems unable to send logs 
>> to the server on Red Hat 4.8.3-9, but 4.4.35-33.55 works (not sure whether it is caused 
>> by the AWS AMI or another problem)
>>
>
> I don’t know of any issues with the kernel versions. Check the audit log 
> to see if something is being stopped. /var/log/audit I think
>
>
>
>
>>
>> -- 
>>
>> --- 
>> You received this message because you are subscribed to the Google Groups 
>> "ossec-list" group.
>> To unsubscribe from this group and stop receiving emails from it, send an 
>> email to [email protected].
>> For more options, visit https://groups.google.com/d/optout.
>>
>

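An added example, not part of the original thread: a small Python parser for the two audit records quoted in the message above, showing which process, permission and file label each record names. The function names are illustrative, and the sample text is those two records with the e-mail line wraps removed.

```python
import re
from datetime import datetime, timezone

# The two audit records from the message above, re-joined (e-mail wraps removed).
SAMPLE = (
    "type=SERVICE_START msg=audit(1537893567.527:2919): pid=1 uid=0 "
    "auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 "
    "msg='unit=ossec-hids comm=\"systemd\" exe=\"/usr/lib/systemd/systemd\" "
    "hostname=? addr=? terminal=? res=failed'\n"
    "type=AVC msg=audit(1538308638.593:4576): avc:  denied  { read write } for  "
    "pid=9787 comm=\"logrotate\" name=\"ossec.log\" dev=\"0:39\" "
    "ino=17925539076010750948 "
    "scontext=system_u:system_r:logrotate_t:s0-s0:c0.c1023 "
    "tcontext=system_u:object_r:nfs_t:s0 tclass=file\n"
)
HEADER = re.compile(r"^type=(\S+) msg=audit\((\d+)\.\d+:(\d+)\):\s*(.*)$")
AVC = re.compile(r"avc:\s+(denied|granted)\s+\{([^}]*)\}")
# key=value pairs; excluding "'" from bare values skips the msg='...' wrapper itself
FIELD = re.compile(r"(\w+)=(\"[^\"]*\"|[^\s']+)")

def parse_record(line):
    """Turn one audit.log line into a dict, or None if it is not a record."""
    m = HEADER.match(line.strip())
    if not m:
        return None
    rtype, epoch, serial, body = m.groups()
    rec = {"type": rtype, "serial": int(serial),
           "time": datetime.fromtimestamp(int(epoch), tz=timezone.utc)}
    avc = AVC.search(body)
    if avc:
        rec.update(result=avc.group(1), perms=avc.group(2).split())
    for key, val in FIELD.findall(body):
        rec.setdefault(key, val.strip('"'))
    return rec

def selinux_type(context):
    return context.split(":")[2]  # user:role:type:level -> type

def summarize(text):
    """One readable line per failed service start or AVC denial."""
    out = []
    for rec in filter(None, map(parse_record, text.splitlines())):
        when = rec["time"].strftime("%Y-%m-%d %H:%M:%S UTC")
        if rec["type"] == "AVC" and rec["result"] == "denied":
            out.append(f'{when} {selinux_type(rec["scontext"])} denied '
                       f'{"+".join(rec["perms"])} on {rec["tclass"]} '
                       f'"{rec["name"]}" labelled {selinux_type(rec["tcontext"])}')
        elif rec["type"] == "SERVICE_START" and rec.get("res") == "failed":
            out.append(f'{when} unit {rec["unit"]} failed to start')
    return out
```

For the two records above, `summarize(SAMPLE)` reports the failed `ossec-hids` unit start on 2018-09-25 and a `logrotate_t` denial on an `nfs_t`-labelled `ossec.log` on 2018-09-30. Neither record names the queue socket.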