Re: [ossec-list] Re: Same old song ERROR: Unable to access queue: '/var/ossec/queue/ossec/queue

On Mon, Apr 10, 2017 at 2:46 PM, Anoop Perayil wrote: > I am running OSSEC on a Security Onion build Ubuntu 14.04.5 LTS. > The issue started after I added in more disk since I ran out of space in / > I really wish SO would partition their system properly. Big /, nothing

Re: [ossec-list] Re: Same old song ERROR: Unable to access queue: '/var/ossec/queue/ossec/queue

On Mon, Apr 10, 2017 at 2:34 PM, Felix Martel wrote: > Perhaps this is way off base, but have you added an agent for localhost ? In > my context of a new install, a ton of issues went away after I added an > agent for the localhost (name=localhost, IP=127.0.0.1). Didn't

[ossec-list] Re: Same old song ERROR: Unable to access queue: '/var/ossec/queue/ossec/queue

Yeap, I have an agent on the localhost; actually now that is the only active one. Rest all are disconnected since ossec-remoted is not running On Tuesday, 11 April 2017 00:04:46 UTC+5:30, Felix Martel wrote: > > Perhaps this is way off base, but have you added an agent for localhost ? > In my

Re: [ossec-list] Re: Same old song ERROR: Unable to access queue: '/var/ossec/queue/ossec/queue

I am running OSSEC on a Security Onion build Ubuntu 14.04.5 LTS. The issue started after I added in more disk since I ran out of space in / On Monday, 10 April 2017 23:52:07 UTC+5:30, Joshua Gimer wrote: > > Do you have SELinux running in an enforcing mode? What is the output of > sestatus? > >

[ossec-list] Re: Same old song ERROR: Unable to access queue: '/var/ossec/queue/ossec/queue

Perhaps this is way off base, but have you added an agent for localhost ? In my context of a new install, a ton of issues went away after I added an agent for the localhost (name=localhost, IP=127.0.0.1). Didn't export the key or anything. Once I did that, my queue errors went away and my

Re: [ossec-list] Re: Same old song ERROR: Unable to access queue: '/var/ossec/queue/ossec/queue

Do you have SELinux running in an enforcing mode? What is the output of sestatus? Josh On Wed, Oct 12, 2016 at 8:58 AM, Kernel Panic wrote: > Really do not know, just installed it from repo and tried to start the > service. > > Thanks > Regards > > El martes, 11 de

[ossec-list] Re: Same old song ERROR: Unable to access queue: '/var/ossec/queue/ossec/queue

I am getting the exact same error - 2017/04/10 18:03:02 ossec-remoted: Unable to open agent file. errno: 13 2017/04/10 18:03:02 ossec-remoted(1103): ERROR: Unable to open file '/queue/rids/1024'. how did you manage to get ossec-remoted back up and running? On Wednesday, 12 October 2016

[ossec-list] Re: Same old song ERROR: Unable to access queue: '/var/ossec/queue/ossec/queue

Really do not know, just installed it from repo and tried to start the service. Thanks Regards El martes, 11 de octubre de 2016, 15:22:03 (UTC-3), Kernel Panic escribió: > > Hi guys, > Yes, I've been reading the error on the list, lots of cases and I got it > too but I run out of idea. > >

Re: [ossec-list] Re: Same old song ERROR: Unable to access queue: '/var/ossec/queue/ossec/queue

On Wed, Oct 12, 2016 at 10:30 AM, Kernel Panic wrote: > Hi guys > The remote service was not starting, now it up and running, and have to say > that this was pure pain!! > It would be interesting to find out what happened to your setup to give you such troubles. >

[ossec-list] Re: Same old song ERROR: Unable to access queue: '/var/ossec/queue/ossec/queue

Hi guys The remote service was not starting, now it up and running, and have to say that this was pure pain!! */var/ossec/bin/ossec-remoted -df* 2016/10/12 09:08:05 ossec-remoted: DEBUG: Starting ... 2016/10/12 09:08:05 ossec-remoted: INFO: Started (pid: 21609). 2016/10/12 09:08:05

[ossec-list] Re: Same old song ERROR: Unable to access queue: '/var/ossec/queue/ossec/queue

These are my udp ports: udp0 0 0.0.0.0:161 0.0.0.0:* udp0 0 0.0.0.0:82310.0.0.0:* udp0 0 127.0.0.1:703 0.0.0.0:* udp0 0 0.0.0.0:51797 0.0.0.0:* udp0 0 127.0.0.1:3030

[ossec-list] Re: Same old song ERROR: Unable to access queue: '/var/ossec/queue/ossec/queue

Hi guys Well, after fixing lots of permission it seems it's working now: /var/ossec/bin/ossec-control status ossec-monitord is running... ossec-logcollector is running... ossec-remoted not running... ossec-syscheckd is running... ossec-analysisd is running... ossec-maild is running... ossec-execd

Re: [ossec-list] Re: Same old song ERROR: Unable to access queue: '/var/ossec/queue/ossec/queue

On Wed, Oct 12, 2016 at 9:09 AM, Kernel Panic wrote: > > chmod 777 /var/ossec/queue/ossec/queue > z77s-tpuppetm01:/var/ossec/logs# /var/ossec/bin/ossec-syscheckd -df > 2016/10/12 08:09:05 ossec-syscheckd: DEBUG: Starting ... > 2016/10/12 08:09:05 ossec-rootcheck: DEBUG:

[ossec-list] Re: Same old song ERROR: Unable to access queue: '/var/ossec/queue/ossec/queue

chmod 777 /var/ossec/queue/ossec/queue z77s-tpuppetm01:/var/ossec/logs# /var/ossec/bin/ossec-syscheckd -df 2016/10/12 08:09:05 ossec-syscheckd: DEBUG: Starting ... 2016/10/12 08:09:05 ossec-rootcheck: DEBUG: Starting ... 2016/10/12 08:09:05 ossec-rootcheck: Starting queue ... 2016/10/12 08:09:08

[ossec-list] Re: Same old song ERROR: Unable to access queue: '/var/ossec/queue/ossec/queue

After correcting some permission I've got some upgrades but still some preocess complain about the queue. /var/ossec/bin/ossec-control status ossec-monitord is running... ossec-logcollector is running... ossec-remoted: Process 15564 not used by ossec, removing .. ossec-remoted not running...

[ossec-list] Re: Same old song ERROR: Unable to access queue: '/var/ossec/queue/ossec/queue

Hi Did not modify that file, I I realized some of them were in xml format just wanted to check This is what I've get running the services manually with -df 2016/10/12 07:31:20 ossec-syscheckd: DEBUG: Starting ... 2016/10/12 07:31:20 ossec-rootcheck: DEBUG: Starting ... 2016/10/12 07:31:20