
List:       ossec-list
Subject:    [ossec-list] Re: error message
From:       dasec <daniel.asselin () lacaisse ! com>
Date:       2009-12-17 1:54:02
Message-ID: bed57421-ffcf-4820-9f8d-f33103b302b9 () 33g2000vbe ! googlegroups ! com



On 16 Dec, 14:10, Daniel Cid <daniel....@gmail.com> wrote:
> Hi,
> 
> This is a common error and a cause of a lot of confusion :) This just
> means that ossec-analysisd
> died (or is not responding) for some reason. So generally the root
> cause is a few lines above in the log
> file.
> 
> When this happens, try to run ossec-analysisd manually:
> 
> # /var/ossec/bin/ossec-analysisd
Hi!
And thank you for the responses. I solved the issue by rearranging
dir permissions,
which enabled the ossec user to read and write to the /opt/ossec
dir.

My mistake  



> 
> And look at the /var/ossec/logs/ossec.log to see why it is failing.
> Fix the issue (generally a bad rule or
> bad config) and restart OSSEC.
> 
> *This "ossec/queue" is how all the processes send their events to analysisd.
> 
> Thanks,
> 
> --
> Daniel B. Cid
> dcid ( at ) ossec.net
> 
> 
> 
> On Fri, Dec 11, 2009 at 2:31 PM, Wim Remes <wre...@gmail.com> wrote:
> > Hi,
> 
> > I've experienced the same on Solaris 10 (not always). Usually running .install.sh
> > and choosing update solves this issue.
> 
> > Cheers,
> 
> > Wim
> > On 11 Dec 2009, at 16:19, dasec wrote:
> 
> > > Hi list
> 
> > > I'm new to OSSEC
> 
> > > I just completed my first install and on start-up I get this error
> > > message in the log. This
> > > is a Solaris 10 box.
> 
> > > 2009/12/11 10:06:56 ossec-monitord(1211): ERROR: Unable to access
> > > queue: '/queue/ossec/queue'. Giving up..
> > > 2009/12/11 10:07:19 ossec-syscheckd: INFO: Starting syscheck database
> > > (pre-scan).
> > > 2009/12/11 10:08:59 ossec-logcollector: socketerr (not available).
> > > 2009/12/11 10:11:10 ossec-logcollector: socketerr (not available).
> > > 2009/12/11 10:11:35 ossec-syscheckd: INFO: Finished creating syscheck
> > > database (pre-scan completed).
> > > 2009/12/11 10:13:21 ossec-logcollector: socketerr (not available).
> > > 2009/12/11 10:13:35 ossec-syscheckd: INFO: Starting syscheck scan
> > > (forwarding database).
> > > 2009/12/11 10:13:35 ossec-syscheckd: socketerr (not available).
> > > 2009/12/11 10:13:35 ossec-syscheckd(1224): ERROR: Error sending
> > > message to queue.
> > > 2009/12/11 10:13:38 ossec-syscheckd(1210): ERROR: Queue '/opt/ossec/
> > > queue/ossec/queue' not accessible: 'Destination address required'.
> > > 2009/12/11 10:13:38 ossec-syscheckd(1211): ERROR: Unable to access
> > > queue: '/opt/ossec/queue/ossec/queue'. Giving up..
> > > 2009/12/11 10:15:31 ossec-logcollector: socketerr (not available).
> > > 2009/12/11 10:17:42 ossec-logcollector: socketerr (not available).
> > > 2009/12/11 10:19:53 ossec-logcollector: socketerr (not available).
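The fix reported in this thread was a directory-permission change under the install prefix. As an added example (not part of any message in the thread and not OSSEC code), the sketch below pulls the queue path out of an "Unable to access queue" log line and walks each path component to find the first one a given uid cannot traverse or read/write. The function names are hypothetical, only classic mode bits are checked (no ACLs), and the demo uses a constructed temporary tree with a regular file standing in for the queue socket.

```python
import os
import re
import tempfile

# Error line format taken from the log quoted in the thread.
QUEUE_ERR = re.compile(r"ERROR: Unable to access\s+queue: '([^']+)'")

def queue_paths(log_text):
    """Distinct queue paths named in 'Unable to access queue' errors."""
    return sorted(set(QUEUE_ERR.findall(log_text)))

def allowed(st, uid, gids, want):
    """Classic mode-bit check (ACLs ignored); want is 0o1 (x) or 0o6 (rw)."""
    if uid == 0:
        return True
    shift = 6 if st.st_uid == uid else 3 if st.st_gid in gids else 0
    return ((st.st_mode >> shift) & want) == want

def first_blocker(queue, uid, gids, base="/"):
    """Walk base -> queue; return (path, reason) for the first component that
    stops uid from reaching and reading/writing the queue, else None."""
    base, queue = os.path.abspath(base), os.path.abspath(queue)
    rel = os.path.relpath(queue, base).split(os.sep)
    chain = [base] + [os.path.join(base, *rel[:i + 1]) for i in range(len(rel))]
    for p in chain:
        if not os.path.exists(p):
            return (p, "missing or unreadable")
        last = p == chain[-1]
        if not allowed(os.stat(p), uid, gids, 0o6 if last else 0o1):
            return (p, "no read/write" if last else "no search (x) permission")
    return None

def demo():
    """Constructed tree and log line; a regular file stands in for the socket."""
    root = tempfile.mkdtemp()
    qdir = os.path.join(root, "queue", "ossec")
    os.makedirs(qdir)
    queue = os.path.join(qdir, "queue")
    open(queue, "w").close()
    modes = ((root, 0o755), (os.path.join(root, "queue"), 0o700),
             (qdir, 0o755), (queue, 0o660))
    for path, mode in modes:
        os.chmod(path, mode)
    log = ("2009/12/11 10:13:38 ossec-syscheckd(1211): ERROR: "
           "Unable to access queue: '%s'. Giving up.." % queue)
    other = os.stat(root).st_uid + 1  # hypothetical service uid, not the owner
    return [(p, first_blocker(p, other, set(), base=root)) for p in queue_paths(log)]
```

On a real host, pass the ossec account's uid and group ids and the install prefix as `base`.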

