'[ossec-list] Re: Problems with ossec Local'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       ossec-list
Subject:    [ossec-list] Re: Problems with ossec Local
From:       "Daniel Cid" <daniel.cid () gmail ! com>
Date:       2006-11-18 3:14:09
Message-ID: b92e6f200611171914h4fc1ed26kd21dc2e27eb54bfb () mail ! gmail ! com
[Download RAW message or body]


The messages you showed us only happen when analysisd is not running
and the other processes try to send messages to it. Analysisd is the one
responsible for creating the queue...

What is strange to me is that these messages should not go to the terminal,
but only to the ossec.log. Did analysisd failed starting at some point? Can you
show us your whole ossec.log file?

Thanks,

--
Daniel B. Cid
dcid ( at ) ossec.net



On 11/17/06, Nicolas Arias <nicolas.arias@globant.com> wrote:
> Hi Daniel.
>
> I only have ossec for integrity checking, so...
>
> The alerts dont show anything.
>
> the defaults perms for that directory should be?
>
> Cheers!
>
> On Fri, 2006-11-17 at 13:13 -0800, Daniel Ortiz wrote:
> > Hi Nicolas:
> > some suggestions:
> > Check your AIDE,tripwire,etc logs (if you have installed) or syschekd
> > alerts from ossec (maybe can capture the change in the Integrity checksum)
> > Check your ossec.log
> >
> > salu2
> >
> > Zaterio
> >
> >
> >
> > Nicolas Arias wrote:
> > > Update, i have chown -R the queue dir and its working now.
> > >
> > > Dont know why it worked fine till 2 days ago...
> > >
> > > Can you help me to dig around this?, just make the call.
> > >
> > > Cheers!
> > >
> > > On Fri, 2006-11-17 at 10:48 -0300, Nicolas Arias wrote:
> > >
> > >> Hello guys!
> > >>
> > >> I have an Ossec "Local" install, it was working fine, but since 2 days
> > >> ago it stopped working.
> > >>
> > >> When i try to restart the service i get:
> > >>
> > >> Starting OSSEC: 2006/11/17 10:43:41 ossec-syscheckd(1210): Queue
> > >> '/var/ossec/queue/ossec/queue' not accessible.
> > >> 2006/11/17 10:43:41 ossec-rootcheck(1210): Queue
> > >> '/var/ossec/queue/ossec/queue' not accessible.
> > >> 2006/11/17 10:43:49 ossec-syscheckd(1210): Queue
> > >> '/var/ossec/queue/ossec/queue' not accessible.
> > >> 2006/11/17 10:43:49 ossec-rootcheck(1210): Queue
> > >> '/var/ossec/queue/ossec/queue' not accessible.
> > >> 2006/11/17 10:44:02 ossec-syscheckd(1210): Queue
> > >> '/var/ossec/queue/ossec/queue' not accessible.
> > >> 2006/11/17 10:44:02 ossec-rootcheck(1211): Unable to access queue:
> > >> '/var/ossec/queue/ossec/queue'. Giving up..
> > >>                                                            [FAILED]
> > >>
> > >>
> > >> Any help?
> > >>
> > >> Thanks!
> > >>
> > >>
> > >>
> >
> >
> --
>
> Nicolas Arias
> Security  Officer
> +54 11 4109 1885
> +54 9 11 5455 0055
>  nicolas.arias@globant.com
>
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.5 (GNU/Linux)
>
> iD8DBQBFXeMuwVTLzKsC5zMRAmiXAKC6MBe466cVAZZBXbKa2ie8Ko7P/wCffLGM
> +DTm++P4M5uRdGlgGybtFpw=
> =Yf9v
> -----END PGP SIGNATURE-----
>
>
>

[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic