error message


dasec

Dec 11, 2009, 10:19:58 AM
to ossec-list
Hi list

I'm new to OSSEC

I just completed my first install and on start-up I get this error
message in the log. This is a Solaris 10 box.

2009/12/11 10:06:56 ossec-monitord(1211): ERROR: Unable to access queue: '/queue/ossec/queue'. Giving up..
2009/12/11 10:07:19 ossec-syscheckd: INFO: Starting syscheck database (pre-scan).
2009/12/11 10:08:59 ossec-logcollector: socketerr (not available).
2009/12/11 10:11:10 ossec-logcollector: socketerr (not available).
2009/12/11 10:11:35 ossec-syscheckd: INFO: Finished creating syscheck database (pre-scan completed).
2009/12/11 10:13:21 ossec-logcollector: socketerr (not available).
2009/12/11 10:13:35 ossec-syscheckd: INFO: Starting syscheck scan (forwarding database).
2009/12/11 10:13:35 ossec-syscheckd: socketerr (not available).
2009/12/11 10:13:35 ossec-syscheckd(1224): ERROR: Error sending message to queue.
2009/12/11 10:13:38 ossec-syscheckd(1210): ERROR: Queue '/opt/ossec/queue/ossec/queue' not accessible: 'Destination address required'.
2009/12/11 10:13:38 ossec-syscheckd(1211): ERROR: Unable to access queue: '/opt/ossec/queue/ossec/queue'. Giving up..
2009/12/11 10:15:31 ossec-logcollector: socketerr (not available).
2009/12/11 10:17:42 ossec-logcollector: socketerr (not available).
2009/12/11 10:19:53 ossec-logcollector: socketerr (not available).

Wim Remes

Dec 11, 2009, 1:31:19 PM
to ossec...@googlegroups.com
Hi,

I've experienced the same on Solaris 10 (not always). Usually running ./install.sh and choosing update solves this issue.

Cheers,

Wim

Daniel Cid

Dec 16, 2009, 2:10:45 PM
to ossec...@googlegroups.com
Hi,

This is a common error and a cause of a lot of confusion :) This just
means that ossec-analysisd died (or is not responding) for some reason.
So generally the root cause is a few lines above in the log file.

When this happens, try to run ossec-analysisd manually:

# /var/ossec/bin/ossec-analysisd


And look at the /var/ossec/logs/ossec.log to see why it is failing.
Fix the issue (generally a bad rule or
bad config) and restart OSSEC.


*This "ossec/queue" is how all the processes send their events to analysisd.


Thanks,

--
Daniel B. Cid
dcid ( at ) ossec.net
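
The triage Daniel describes above (the queue error is a symptom, so look at what was logged just before it), as an added Python example that is not part of the original thread or of OSSEC. The entry format is inferred from the log lines quoted in this thread, codes 1210, 1211 and 1224 are treated as queue symptoms because of their message text there, the function names are hypothetical, and the analysisd line in the sample is a constructed placeholder.

```python
import re

# One ossec.log entry: "YYYY/MM/DD HH:MM:SS daemon(code): LEVEL: message".
# "(code)" and "LEVEL:" are optional, as in the log quoted in this thread.
ENTRY = re.compile(
    r"^(?P<ts>\d{4}/\d\d/\d\d \d\d:\d\d:\d\d) (?P<daemon>[\w-]+)"
    r"(?:\((?P<code>\d+)\))?: (?:(?P<level>[A-Z]+): )?(?P<msg>.*)$"
)
QUEUE_CODES = {"1210", "1211", "1224"}  # queue-related codes seen in the thread

def parse(lines):
    """Parse log lines, folding wrapped continuation lines into the previous entry."""
    entries = []
    for line in lines:
        m = ENTRY.match(line.strip())
        if m:
            entries.append(m.groupdict())
        elif entries and line.strip():
            entries[-1]["msg"] += " " + line.strip()
    return entries

def triage(lines, context=5):
    """Per daemon, find its first queue error and the likely causes logged before it."""
    entries = parse(lines)
    findings, seen = [], set()
    for i, e in enumerate(entries):
        if e["code"] not in QUEUE_CODES or e["daemon"] in seen:
            continue
        seen.add(e["daemon"])
        before = entries[max(0, i - context):i]
        # Suspects: anything from analysisd, plus ERROR lines that are not
        # themselves queue symptoms reported by another daemon.
        suspects = [
            f'{b["ts"]} {b["daemon"]}: {b["msg"]}' for b in before
            if b["daemon"] == "ossec-analysisd"
            or (b["level"] == "ERROR" and b["code"] not in QUEUE_CODES)
        ]
        findings.append({"daemon": e["daemon"], "at": e["ts"], "suspects": suspects})
    return findings

# Constructed sample: the analysisd line is a placeholder, not a real OSSEC message.
SAMPLE = """\
2009/12/11 10:06:50 ossec-analysisd: ERROR: <constructed placeholder: analysisd startup failure>
2009/12/11 10:06:56 ossec-monitord(1211): ERROR: Unable to access
queue: '/queue/ossec/queue'. Giving up..
2009/12/11 10:13:35 ossec-syscheckd: socketerr (not available).
2009/12/11 10:13:35 ossec-syscheckd(1224): ERROR: Error sending message to queue.
2009/12/11 10:13:38 ossec-syscheckd(1210): ERROR: Queue '/opt/ossec/queue/ossec/queue' not accessible: 'Destination address required'.
""".splitlines()
```

An empty `suspects` list, which is what the log posted at the top of this thread produces, means analysisd logged nothing nearby; that is the case where running it manually and checking ossec.log is the next step.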

dasec

Dec 16, 2009, 8:54:02 PM
to ossec-list

On 16 Dec, 14:10, Daniel Cid <daniel....@gmail.com> wrote:
> Hi,
>
> This is a common error and a cause of a lot of confusion :) This just
> means that ossec-analysisd
> died (or is not responding) for some reason. So generally the root
> cause is a few lines above in the log
> file.
>
> When this happens, try to run ossec-analysisd manually:
>
> # /var/ossec/bin/ossec-analysisd

Hi!
And thank you for the responses. I solved the issue by rearranging
dir permissions, which enabled the ossec user to read and write to
the /opt/ossec dir.

My mistake 

> >> 2009/12/11 10:19:53 ossec-logcollector: socketerr (not available).
