[ossec-list] how to solve it guys

[hiwot]

[Nisir-node-1] Authentication of [elastic] was terminated by realm 
[reserved] - failed to authenticate user [elastic]

-- 

--- 
You received this message because you are subscribed to the Google Groups 
"ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ossec-list+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ossec-list/0f9bc4c2-d43e-4fac-aa3f-d2129fc66867n%40googlegroups.com.

Re: [ossec-list] Issue install ossec on ubuntu 18 and 20

[dan (ddp)]

On Wed, Jan 13, 2021 at 6:21 AM Kedar Mendhurwar
 wrote:
>
> Hi Folks,
>
> I have been trying to install ossec agent 3.6 on ubuntu 20.4 and each time I 
> try starting the service, I get the error " ERROR: Queue 
> '/var/ossec/queue/ossec/queue' not accessible: 'Connection refused'." I have 
> tried this on a fresh install a couple of times with the same results. I 
> tried on ubuntu 18.4 with ossec version 3.1 with the same results.
>
> I even checked the wiki article 
> https://www.ossec.net/docs/faq/unexpected.html but this has been of no help. 
> According to the DOC " It means that ossec-analysisd is not running for some 
> reason which could be because ossec-analysisd didn’t start properly or 
> ossec-analysisd didn’t start at all.
>
> In my case when I tried starting ossec-analysisd manually, I found it wasn't 
> installed at all. Both Ubuntu versions with two different agent versions 
> resulted in the same error. In ossec documentation, they don't say how one 
> could manually install ossec.
>
> Any help would be greatly appreciated
>

ossec-analysisd is only installed on OSSEC servers or stand alone
systems, not on agents.
How did you install OSSEC on these agents?
Are there any errors before the Queue error in the ossec.log file?
You could try starting the processes manually to see what happens.
Something like (in different terminals because `-df` will keep them in
the foreground):
sudo /var/ossec/bin/ossec-agentd -df
sudo /var/ossec/bin/ossec-logcollector -df
sudo /var/ossec/bin/ossec-syscheckd -df

> --
>
> ---
> You received this message because you are subscribed to the Google Groups 
> "ossec-list" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to ossec-list+unsubscr...@googlegroups.com.
> To view this discussion on the web visit 
> https://groups.google.com/d/msgid/ossec-list/f7657696-2a55-4893-8107-e214f92717e1n%40googlegroups.com.

-- 

--- 
You received this message because you are subscribed to the Google Groups 
"ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ossec-list+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ossec-list/CAMyQvMr28rS8P5tFj5Z_Aa5cZWg0wEDL5UeUdPju71W3ycpB4A%40mail.gmail.com.

[ossec-list] Issue install ossec on ubuntu 18 and 20

[Kedar Mendhurwar]

Hi Folks,

I have been trying to install ossec agent 3.6 on ubuntu 20.4 and each time 
I try starting the service, I get the error " ERROR: Queue 
'/var/ossec/queue/ossec/queue' not accessible: 'Connection refused'." I 
have tried this on a fresh install a couple of times with the same results. 
I tried on ubuntu 18.4 with ossec version 3.1 with the same results.

I even checked the wiki article 
https://www.ossec.net/docs/faq/unexpected.html but this has been of no 
help. According to the DOC " It means that ossec-analysisd is not running 
for some reason which could be because ossec-analysisd didn’t start 
properly or ossec-analysisd didn’t start at all.

In my case when I tried starting ossec-analysisd manually, I found it 
wasn't installed at all. Both Ubuntu versions with two different agent 
versions resulted in the same error. In ossec documentation, they don't say 
how one could manually install ossec.

Any help would be greatly appreciated

-- 

--- 
You received this message because you are subscribed to the Google Groups 
"ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ossec-list+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ossec-list/f7657696-2a55-4893-8107-e214f92717e1n%40googlegroups.com.