ossec-syscheckd(1210): ********* /queue' not accessible: 'Connection refused' - Under Debian 6

venkat swaminathan

May 24, 2016, 8:32:53 AM
to ossec-list
Dear All

Please bear with my simple overview; I request some guidance in addressing this issue.

In our Linux system, we are trying to incorporate intrusion detection and file integrity monitoring alerts. For this, OSSEC seems to be the best open source option available in the market.

System Configuration:

Ossec in server Mode : Debian 8 (Jessie)  
Binary : Used ./install.sh from source (https://bintray.com/artifact/download/ossec/ossec-hids/ossec-hids-2.8.3.tar.gz)  with server option.

The compilation was successful:
root@debian:/opt/ossecData# /opt/venkat/ossecData/bin/ossec-control status
ossec-monitord is running...
ossec-logcollector is running...
ossec-remoted is running...
ossec-syscheckd is running...
ossec-analysisd is running...
ossec-maild is running...
ossec-execd is running...

System is running fine.

However, tried the same in CLIENT machine ()

Ossec in server Mode : Debian 6 (Squeeze)  
Binary : Used ./install.sh from source (https://bintray.com/artifact/download/ossec/ossec-hids/ossec-hids-2.8.3.tar.gz)  with agent option.

Installation completed successfully,

When I tried to start the OSSEC agent:

root@vir-deb:/opt/ossecData# /opt/ossecData/bin/ossec-control start
Starting OSSEC HIDS v2.8.3 (by Trend Micro Inc.)...
Deleting PID file '/opt/ossecData/var/run/ossec-logcollector-5760.pid' not used...
Deleting PID file '/opt/ossecData/var/run/ossec-agentd-5756.pid' not used...
ossec-execd already running...
2016/05/24 15:25:16 ossec-agentd: INFO: Using notify time: 600 and max time to reconnect: 1800
Started ossec-agentd...
Started ossec-logcollector...
2016/05/24 15:25:19 ossec-syscheckd(1210): ERROR: Queue '/opt/ossecData/queue/ossec/queue' not accessible: 'Connection refused'.
2016/05/24 15:25:19 ossec-rootcheck(1210): ERROR: Queue '/opt/ossecData/queue/ossec/queue' not accessible: 'Connection refused'.
2016/05/24 15:25:27 ossec-syscheckd(1210): ERROR: Queue '/opt/ossecData/queue/ossec/queue' not accessible: 'Connection refused'.
2016/05/24 15:25:27 ossec-rootcheck(1210): ERROR: Queue '/opt/ossecData/queue/ossec/queue' not accessible: 'Connection refused'.
2016/05/24 15:25:40 ossec-syscheckd(1210): ERROR: Queue '/opt/ossecData/queue/ossec/queue' not accessible: 'Connection refused'.
2016/05/24 15:25:40 ossec-rootcheck(1211): ERROR: Unable to access queue: '/opt/ossecData/queue/ossec/queue'. Giving up..

I did search on this topic (http://ossec-docs.readthedocs.io/en/latest/faq/unexpected.html#id50). But nothing worked in my case.

According to the docs for this error code, they asked to look at the status of ossec-analysisd. But in my case, on my client machine, I am unable to locate ossec-analysisd.

-r-xr-x--- 1 root ossec 247218 May 24 14:39 agent-auth
-r-xr-x--- 1 root ossec 250505 May 24 14:39 manage_agents
-r-xr-x--- 1 root ossec 501580 May 24 14:39 ossec-agentd
-r-xr-x--- 1 root ossec   4834 Oct 13  2015 ossec-control
-r-xr-x--- 1 root ossec 105035 May 24 14:38 ossec-execd
-r-xr-x--- 1 root ossec 384947 May 24 14:39 ossec-logcollector
-r-xr-x--- 1 root ossec 174370 May 18 17:38 ossec-lua
-r-xr-x--- 1 root ossec 117632 May 18 17:38 ossec-luac
-r-xr-x--- 1 root ossec 499976 May 24 14:39 ossec-syscheckd
-r-xr-x--- 1 root ossec   4360 Oct 13  2015 util.sh

Am I missing something?

Regards
Venkat.S



dan (ddp)

May 24, 2016, 8:46:34 AM
to ossec...@googlegroups.com
On Tue, May 24, 2016 at 7:43 AM, venkat swaminathan
<venka...@gmail.com> wrote:
> Dear All
>
> Please bear with my simple overview; I request some guidance in addressing this issue.
>
> In our Linux system, we are trying to incorporate intrusion detection and
> file integrity monitoring alerts. For this OSSEC seems to be best open
> source option available in market.
>
...
> However, tried the same in CLIENT machine ()
>
> Ossec in server Mode : Debian 6 (Squeeze)
> Binary : Used ./install.sh from source
> (https://bintray.com/artifact/download/ossec/ossec-hids/ossec-hids-2.8.3.tar.gz)
> with agent option.
>
> Installation completed successfully,
>
> When I tried to start the OSSEC agent:
>

Did you import the key you created on the OSSEC server?
analysisd only exists on the OSSEC server.

>
> Am I missing something..
>
> Regards
> Venkat.S
>

venkat swaminathan

May 24, 2016, 9:15:08 AM
to ossec-list
Yes, I did add the client on the server machine and stored the key data in client.keys.

However, if analysisd is not required, what is causing the "ossec-syscheckd(1210): ERROR: Queue '/opt/ossecData/queue/ossec/queue' "?

dan (ddp)

May 24, 2016, 9:29:47 AM
to ossec...@googlegroups.com
On Tue, May 24, 2016 at 9:15 AM, venkat swaminathan
<venka...@gmail.com> wrote:
> Yes, I did add client in server machine and stored the keydata in
> client.keys
>

Did you import the key on the agent? `/var/ossec/bin/manage_agents`
and the "i" option (I think).

> However, if analysisd is not required, what is causing the
> "ossec-syscheckd(1210): ERROR: Queue '/opt/ossecData/queue/ossec/queue' "
>

I believe the agent processes connect to ossec-agentd. So try starting
that manually:
`/var/ossec/bin/ossec-agentd -df`
That should put it in debug mode and run it in the foreground. If it
has any errors they should be printed to the terminal.

venkat swaminathan

May 24, 2016, 11:07:47 AM
to ossec-list
Sorry, I imported the key again and started the agent and now everything is fine.
root@vir-deb:/opt/ossecData# /opt/ossecData/bin/ossec-control start
Starting OSSEC HIDS v2.8.3 (by Trend Micro Inc.)...
Deleting PID file '/opt/ossecData/var/run/ossec-logcollector-6098.pid' not used...
Deleting PID file '/opt/ossecData/var/run/ossec-agentd-6094.pid' not used...
ossec-execd already running...
2016/05/24 20:28:54 ossec-agentd: INFO: Using notify time: 600 and max time to reconnect: 1800
Started ossec-agentd...
Started ossec-logcollector...
Started ossec-syscheckd...
Completed.
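
The checks this thread converged on (an imported agent key, a live ossec-agentd, and the queue socket named in the 1210 error), as an added shell example that is not part of the original posts or of OSSEC itself. The `etc/client.keys` location under the install directory, the four-field `ID NAME IP KEY` entry layout and the return codes are assumptions of this example.

```shell
#!/bin/sh
# Added example: pre-flight check of an OSSEC agent install directory.
# Return codes are this example's own convention:
#   0 ok, 1 no key, 2 malformed key, 3 agentd not running, 4 no queue socket
# Run as root: kill -0 cannot probe another user's process otherwise.
check_ossec_agent() {
    dir=${1:-/var/ossec}
    keys="$dir/etc/client.keys"      # assumed location under the install dir
    queue="$dir/queue/ossec/queue"   # socket path from the 1210 error

    # 1. The key must have been imported on the agent (manage_agents).
    if [ ! -s "$keys" ]; then
        echo "client.keys missing or empty: $keys" >&2
        return 1
    fi

    # 2. Assumed entry layout: ID NAME IP KEY (blank lines ignored).
    if ! awk 'NF == 0 { next }
              NF != 4 || $1 !~ /^[0-9]+$/ { bad = 1 }
              END { exit bad }' "$keys"; then
        echo "malformed entry in $keys" >&2
        return 2
    fi

    # 3. A PID file alone proves nothing: ossec-control deletes stale ones
    #    ("Deleting PID file ... not used"), so probe the process itself.
    live=0
    for f in "$dir"/var/run/ossec-agentd-*.pid; do
        [ -f "$f" ] || continue
        pid=$(cat "$f")
        if kill -0 "$pid" 2>/dev/null; then live=1; fi
    done
    if [ "$live" -eq 0 ]; then
        echo "ossec-agentd is not running; try: $dir/bin/ossec-agentd -df" >&2
        return 3
    fi

    # 4. syscheckd and rootcheck need this UNIX socket to exist.
    if [ ! -S "$queue" ]; then
        echo "queue socket missing: $queue" >&2
        return 4
    fi
    echo "agent key, ossec-agentd and queue socket look fine"
    return 0
}

# Run against a directory when one is given, e.g. ./check.sh /opt/ossecData
if [ "$#" -gt 0 ]; then check_ossec_agent "$1"; fi
```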