I actually had this issue today as well. I was creating a custom rule to ignore a particularly noisy host, and after I restarted the OSSEC service I received this same error. As it turned out that I had simply typed the rule incorrectly. Rather than <rule id="100040" level="0">, I had written <rule_id="100040" level="0">. After removing the errant _ the service started up like a charm. However, nothing useful was logged to ossec.log to tell me what had gone wrong.
-Derek
________________________________________
From:
ossec...@googlegroups.com [
ossec...@googlegroups.com] On Behalf Of Peter M. Abraham [
peter....@dynamicnet.net]
Sent: Tuesday, December 15, 2009 5:06 PM
To: ossec-list
Subject: [ossec-list] Re: ERROR: Queue '/var/ossec/queue/ossec/queue' not accessible
This e-mail message (including any attachments) is for the sole use of
the intended recipient(s) and may contain confidential and privileged
information. If the reader of this message is not the intended
recipient, you are hereby notified that any dissemination, distribution
or copying of this message (including any attachments) is strictly
prohibited.
If you have received this message in error, please contact
the sender by reply e-mail message and destroy all copies of the
original message (including attachments).